Out of Bounds Write Vulnerability in MediaTek WiFi Driver
CVE-2022-26440

6.7MEDIUM

Key Information:

Vendor: MediaTek
Status: Mt7603, Mt7610, Mt7612, Mt7613, Mt7615, Mt7620, Mt7622, Mt7628, Mt7629, Mt7915, Mt7916, Mt7986, Mt8981
Vendor: CVE Published:; 1 August 2022

Summary

A significant vulnerability has been identified in the MediaTek WiFi driver, where an out of bounds write can occur due to a missing boundary check. This flaw enables local attackers to escalate their privileges, potentially allowing them to execute arbitrary code with system-level permissions. Exploitation of this vulnerability does not require user interaction, making it a particularly concerning issue for users of affected MediaTek devices. A patch has been issued to address this critical security flaw.

Affected Version(s)

MT7603, MT7610, MT7612, MT7613, MT7615, MT7620, MT7622, MT7628, MT7629, MT7915, MT7916, MT7986, MT8981 7.6.2.3

References

https://corp.mediatek.com/product-security-bulletin/Augus...

x_refsource_MISC

CVSS V3.1

Score:

6.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 1, 2022
Vulnerability Reserved
Mar 4, 2022