Privilege Escalation in Mediatek Wi-Fi Driver
CVE-2022-32656

6.7MEDIUM

Key Information:

Vendor: MediaTek
Status: Mt5221, Mt7603, Mt7613, Mt7615, Mt7622, Mt7628, Mt7629, Mt7663, Mt7668, Mt7682, Mt7686, Mt7687, Mt7697, Mt7902, Mt7915, Mt7916, Mt7921, Mt7933, Mt7981, Mt7986, Mt8167s, Mt8175, Mt8362a, Mt8365, Mt8385, Mt8518s, Mt8532, Mt8695, Mt8696, Mt8788
Vendor: CVE Published:; 6 February 2023

Summary

The Mediatek Wi-Fi driver contains a flaw due to inadequate error handling, which may result in undefined behavior. This vulnerability can potentially allow an attacker with local access to escalate privileges to system execution level without the need for user interaction. Affected systems should be updated promptly following the patch indicated by Issue ID GN20220705035 to mitigate the risks associated with this vulnerability.

Affected Version(s)

MT5221, MT7603, MT7613, MT7615, MT7622, MT7628, MT7629, MT7663, MT7668, MT7682, MT7686, MT7687, MT7697, MT7902, MT7915, MT7916, MT7921, MT7933, MT7981, MT7986, MT8167S, MT8175, MT8362A, MT8365, MT8385, MT8518S, MT8532, MT8695, MT8696, MT8788 7.6.6.0

References

https://corp.mediatek.com/product-security-bulletin/Febru...

CVSS V3.1

Score:

6.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 6, 2023
Vulnerability Reserved
Jun 9, 2022