Local Privilege Escalation in Ion by MediaTek
CVE-2022-20111

8.4HIGH

Key Information:

Vendor
MediaTek
Status
Mt6580, Mt6735, Mt6737, Mt6739, Mt6750, Mt6750s, Mt6753, Mt6757, Mt6757c, Mt6757cd, Mt6757ch, Mt6761, Mt6762, Mt6763, Mt6765, Mt6768, Mt6769, Mt6771, Mt6779, Mt6781, Mt6785, Mt6797, Mt6833, Mt6853, Mt6853t, Mt6873, Mt6875, Mt6877, Mt6883, Mt6885, Mt6889, Mt6893, Mt8167, Mt8168, Mt8173, Mt8185, Mt8321, Mt8362a, Mt8365, Mt8385, Mt8666, Mt8675, Mt8695, Mt8696, Mt8765, Mt8766, Mt8768, Mt8786, Mt8788, Mt8789, Mt8791, Mt8797
Vendor
CVE Published:
3 May 2022

Summary

The vulnerability in Ion by MediaTek arises from a use after free issue, primarily due to improper error handling. This flaw enables an attacker to execute local privilege escalation without requiring additional execution privileges or user interaction, creating a significant security risk. Affected systems should implement the recommended patches to mitigate the potential impact of this vulnerability.

Affected Version(s)

MT6580, MT6735, MT6737, MT6739, MT6750, MT6750S, MT6753, MT6757, MT6757C, MT6757CD, MT6757CH, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6797, MT6833, MT6853, MT6853T, MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6893, MT8167, MT8168, MT8173, MT8185, MT8321, MT8362A, MT8365, MT8385, MT8666, MT8675, MT8695, MT8696, MT8765, MT8766, MT8768, MT8786, MT8788, MT8789, MT8791, MT8797 Android 9.0, 10.0, 11.0, 12.0

References

https://corp.mediatek.com/product-security-bulletin/May-2022
x_refsource_MISC

CVSS V3.1

Score:
8.4
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.