Undefined Behavior in Wi-Fi Driver Affects MediaTek Products
CVE-2022-32655

6.7MEDIUM

Key Information:

Vendor: MediaTek
Status: Mt5221, Mt7603, Mt7613, Mt7615, Mt7622, Mt7628, Mt7629, Mt7663, Mt7668, Mt7682, Mt7686, Mt7687, Mt7697, Mt7902, Mt7915, Mt7916, Mt7921, Mt7933, Mt7981, Mt7986, Mt8167s, Mt8175, Mt8362a, Mt8365, Mt8385, Mt8518s, Mt8532, Mt8695, Mt8696, Mt8788
Vendor: CVE Published:; 6 February 2023

Summary

A vulnerability exists in the Wi-Fi driver from MediaTek due to improper error handling, leading to potential undefined behavior. This flaw could allow an attacker to escalate privileges to a system execution level without requiring user interaction. Users of affected MediaTek products should be aware of this vulnerability and apply the necessary patches provided by the vendor.

Affected Version(s)

MT5221, MT7603, MT7613, MT7615, MT7622, MT7628, MT7629, MT7663, MT7668, MT7682, MT7686, MT7687, MT7697, MT7902, MT7915, MT7916, MT7921, MT7933, MT7981, MT7986, MT8167S, MT8175, MT8362A, MT8365, MT8385, MT8518S, MT8532, MT8695, MT8696, MT8788 7.6.6.0

References

https://corp.mediatek.com/product-security-bulletin/Febru...

CVSS V3.1

Score:

6.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 6, 2023
Vulnerability Reserved
Jun 9, 2022