Out of Bounds Write Vulnerability in Bluetooth by MediaTek
CVE-2022-21767

8.8HIGH

Key Information:

Vendor: MediaTek
Status: Mt8167, Mt8175, Mt8183, Mt8362a, Mt8365, Mt8385
Vendor: CVE Published:; 6 July 2022

Summary

The vulnerability identified in Bluetooth implementations by MediaTek arises from a missing bounds check, which allows for a possible out of bounds write condition. Such a flaw may facilitate local escalation of privilege without requiring additional execution privileges. Exploitation of this vulnerability does not necessitate user interaction, posing a significant security risk for affected devices. This issue has been documented with Patch ID ALPS06784430.

Affected Version(s)

MT8167, MT8175, MT8183, MT8362A, MT8365, MT8385 Android 8.1, 9.0, 10.0, 11.0, 12.0

References

https://corp.mediatek.com/product-security-bulletin/July-...

x_refsource_MISC

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 6, 2022
Vulnerability Reserved
Nov 26, 2021