Use After Free Vulnerability in MediaTek Sched Driver
CVE-2022-21775

6.7MEDIUM

Key Information:

Vendor: MediaTek
Status: Mt6761, Mt6762, Mt6763, Mt6765, Mt6768, Mt6769, Mt6771, Mt6779, Mt6781, Mt6785, Mt6789, Mt6795, Mt6797, Mt6799, Mt6833, Mt6853, Mt6853t, Mt6873, Mt6875, Mt6877, Mt6879, Mt6883, Mt6885, Mt6889, Mt6891, Mt6893, Mt6895, Mt8167, Mt8167s, Mt8168, Mt8173, Mt8185, Mt8321, Mt8362a, Mt8365, Mt8385, Mt8666, Mt8675, Mt8768, Mt8786, Mt8788, Mt8789, Mt8791, Mt8797
Vendor: CVE Published:; 6 July 2022

What is CVE-2022-21775?

A vulnerability in the MediaTek sched driver has been identified where improper locking can lead to a use after free condition. This flaw could potentially allow an attacker to escalate privileges on a local system without requiring user interaction. The issue, linked to Patch ID ALPS06479032, emphasizes the importance of proper memory management in driver design and highlights the need for timely updates to ensure system integrity.

Affected Version(s)

MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6789, MT6795, MT6797, MT6799, MT6833, MT6853, MT6853T, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6889, MT6891, MT6893, MT6895, MT8167, MT8167S, MT8168, MT8173, MT8185, MT8321, MT8362A, MT8365, MT8385, MT8666, MT8675, MT8768, MT8786, MT8788, MT8789, MT8791, MT8797 Android 11.0, 12.0

References

https://corp.mediatek.com/product-security-bulletin/July-...

x_refsource_MISC

CVSS V3.1

Score:

6.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 6, 2022
Vulnerability Reserved
Nov 26, 2021