Multiple vulnerabilities in MediaTek chipsets
Security Bulletin
This security bulletin contains information about 27 vulnerabilities.
1) Race condition
EUVDB-ID: #VU65042
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-21774
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a race condition in TEEI driver. A local application can exploit the race and escalate privileges on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMT6761: All versions
MT6765: All versions
MT6768: All versions
MT6771: All versions
MT6779: All versions
MT6781: All versions
MT6785: All versions
MT6833: All versions
MT6853: All versions
MT6875: All versions
MT6877: All versions
MT6879: All versions
MT6885: All versions
MT6893: All versions
MT6895: All versions
MT6983: All versions
External linkshttp://corp.mediatek.com/product-security-bulletin/July-2022
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Out-of-bounds write
EUVDB-ID: #VU65055
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-21787
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
Description The vulnerability allows a malicious application to escalate privileges on the system.
The vulnerability exists due to a boundary error in audio DSP. A malicious application can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMT6833: All versions
MT6853: All versions
MT6873: All versions
MT6877: All versions
MT6879: All versions
MT6885: All versions
MT6893: All versions
MT6895: All versions
MT6983: All versions
MT8791: All versions
MT8797: All versions
MT8798: All versions
External linkshttp://corp.mediatek.com/product-security-bulletin/July-2022
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Type conversion
EUVDB-ID: #VU65053
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-21786
CWE-ID:
CWE-704 - Type conversion
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a type conversion error in audio DSP. A local application can trigger memory corruption and execute arbitrary code with elevated privileges.
Install updates from vendor's website.
Vulnerable software versionsMT6833: All versions
MT6853: All versions
MT6873: All versions
MT6877: All versions
MT6879: All versions
MT6885: All versions
MT6893: All versions
MT6895: All versions
MT6983: All versions
MT8791: All versions
MT8797: All versions
MT8798: All versions
External linkshttp://corp.mediatek.com/product-security-bulletin/July-2022
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Out-of-bounds write
EUVDB-ID: #VU65052
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-21785
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
Description The vulnerability allows a malicious application to escalate privileges on the system.
The vulnerability exists due to a boundary error in WLAN driver. A malicious application can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMT6877: All versions
MT6983: All versions
MT8167S: All versions
MT8168: All versions
MT8175: All versions
MT8183: All versions
MT8185: All versions
MT8362A: All versions
MT8365: All versions
MT8385: All versions
MT8667: All versions
MT8675: All versions
MT8695: All versions
MT8696: All versions
MT8766: All versions
MT8768: All versions
MT8786: All versions
MT8788: All versions
MT8789: All versions
MT8791: All versions
MT8797: All versions
External linkshttp://corp.mediatek.com/product-security-bulletin/July-2022
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Out-of-bounds write
EUVDB-ID: #VU65051
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-21784
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
Description The vulnerability allows a malicious application to escalate privileges on the system.
The vulnerability exists due to a boundary error in WLAN driver. A malicious application can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMT6761: All versions
MT6779: All versions
MT6781: All versions
MT6833: All versions
MT6853: All versions
MT6873: All versions
MT6877: All versions
MT6879: All versions
MT6883: All versions
MT6885: All versions
MT6889: All versions
MT6893: All versions
MT6895: All versions
MT6983: All versions
MT8167S: All versions
MT8168: All versions
MT8175: All versions
MT8183: All versions
MT8185: All versions
MT8362A: All versions
MT8365: All versions
MT8385: All versions
MT8667: All versions
MT8675: All versions
MT8696: All versions
MT8766: All versions
MT8768: All versions
MT8786: All versions
MT8788: All versions
MT8789: All versions
MT8791: All versions
MT8797: All versions
External linkshttp://corp.mediatek.com/product-security-bulletin/July-2022
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Out-of-bounds write
EUVDB-ID: #VU65050
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-21783
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
Description The vulnerability allows a malicious application to escalate privileges on the system.
The vulnerability exists due to a boundary error in WLAN driver. A malicious application can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMT6761: All versions
MT6779: All versions
MT6781: All versions
MT6833: All versions
MT6853: All versions
MT6873: All versions
MT6877: All versions
MT6879: All versions
MT6883: All versions
MT6885: All versions
MT6889: All versions
MT6893: All versions
MT6895: All versions
MT6983: All versions
MT8167S: All versions
MT8168: All versions
MT8175: All versions
MT8183: All versions
MT8185: All versions
MT8362A: All versions
MT8365: All versions
MT8385: All versions
MT8667: All versions
MT8675: All versions
MT8696: All versions
MT8766: All versions
MT8768: All versions
MT8786: All versions
MT8788: All versions
MT8789: All versions
MT8791: All versions
MT8797: All versions
External linkshttp://corp.mediatek.com/product-security-bulletin/July-2022
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Out-of-bounds write
EUVDB-ID: #VU65049
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-21782
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
Description The vulnerability allows a malicious application to escalate privileges on the system.
The vulnerability exists due to a boundary error in WLAN driver. A malicious application can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMT6761: All versions
MT6779: All versions
MT6781: All versions
MT6833: All versions
MT6853: All versions
MT6873: All versions
MT6877: All versions
MT6879: All versions
MT6883: All versions
MT6885: All versions
MT6889: All versions
MT6893: All versions
MT6895: All versions
MT6983: All versions
MT8167S: All versions
MT8168: All versions
MT8175: All versions
MT8183: All versions
MT8185: All versions
MT8362A: All versions
MT8365: All versions
MT8385: All versions
MT8667: All versions
MT8675: All versions
MT8696: All versions
MT8766: All versions
MT8768: All versions
MT8786: All versions
MT8788: All versions
MT8789: All versions
MT8791: All versions
MT8797: All versions
External linkshttp://corp.mediatek.com/product-security-bulletin/July-2022
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Out-of-bounds write
EUVDB-ID: #VU65048
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-21781
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
Description The vulnerability allows a malicious application to escalate privileges on the system.
The vulnerability exists due to a boundary error in WLAN driver. A malicious application can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMT6761: All versions
MT6779: All versions
MT6781: All versions
MT6833: All versions
MT6853: All versions
MT6873: All versions
MT6877: All versions
MT6879: All versions
MT6883: All versions
MT6885: All versions
MT6889: All versions
MT6893: All versions
MT6895: All versions
MT6983: All versions
MT8167S: All versions
MT8168: All versions
MT8175: All versions
MT8183: All versions
MT8185: All versions
MT8362A: All versions
MT8365: All versions
MT8385: All versions
MT8667: All versions
MT8675: All versions
MT8696: All versions
MT8766: All versions
MT8768: All versions
MT8786: All versions
MT8788: All versions
MT8789: All versions
MT8791: All versions
MT8797: All versions
External linkshttp://corp.mediatek.com/product-security-bulletin/July-2022
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Out-of-bounds write
EUVDB-ID: #VU65047
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-21780
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
Description The vulnerability allows a malicious application to escalate privileges on the system.
The vulnerability exists due to a boundary error in WLAN driver. A malicious application can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMT6761: All versions
MT6779: All versions
MT6781: All versions
MT6833: All versions
MT6853: All versions
MT6873: All versions
MT6877: All versions
MT6879: All versions
MT6883: All versions
MT6885: All versions
MT6889: All versions
MT6893: All versions
MT6895: All versions
MT6983: All versions
MT8167S: All versions
MT8168: All versions
MT8175: All versions
MT8183: All versions
MT8185: All versions
MT8362A: All versions
MT8365: All versions
MT8385: All versions
MT8667: All versions
MT8675: All versions
MT8696: All versions
MT8766: All versions
MT8768: All versions
MT8786: All versions
MT8788: All versions
MT8789: All versions
MT8791: All versions
MT8797: All versions
External linkshttp://corp.mediatek.com/product-security-bulletin/July-2022
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Out-of-bounds write
EUVDB-ID: #VU65046
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-21779
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
Description The vulnerability allows a malicious application to escalate privileges on the system.
The vulnerability exists due to a boundary error in WLAN driver. A malicious application can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMT6761: All versions
MT6779: All versions
MT6781: All versions
MT6833: All versions
MT6853: All versions
MT6873: All versions
MT6877: All versions
MT6879: All versions
MT6883: All versions
MT6885: All versions
MT6889: All versions
MT6893: All versions
MT6895: All versions
MT6983: All versions
MT8167S: All versions
MT8168: All versions
MT8175: All versions
MT8183: All versions
MT8185: All versions
MT8362A: All versions
MT8365: All versions
MT8385: All versions
MT8667: All versions
MT8675: All versions
MT8696: All versions
MT8766: All versions
MT8768: All versions
MT8786: All versions
MT8788: All versions
MT8789: All versions
MT8791: All versions
MT8797: All versions
External linkshttp://corp.mediatek.com/product-security-bulletin/July-2022
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Improper access control
EUVDB-ID: #VU65045
Risk: Low
CVSSv3.1: 6.2 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-21777
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due missing permission check in Autoboot. A local application can execute arbitrary code on the system with elevated privileges.
Install updates from vendor's website.
Vulnerable software versionsMT6580: All versions
MT6735: All versions
MT6739: All versions
MT6761: All versions
MT6765: All versions
MT6768: All versions
MT6771: All versions
MT6779: All versions
MT6785: All versions
MT6833: All versions
MT6853: All versions
MT6873: All versions
MT6875: All versions
MT6877: All versions
MT6879: All versions
MT6885: All versions
MT6891: All versions
MT6893: All versions
MT6895: All versions
MT6983: All versions
MT8167: All versions
MT8167S: All versions
MT8168: All versions
MT8173: All versions
MT8175: All versions
MT8185: All versions
MT8321: All versions
MT8362A: All versions
MT8365: All versions
MT8385: All versions
MT8666: All versions
MT8667: All versions
MT8675: All versions
MT8765: All versions
MT8766: All versions
MT8768: All versions
MT8786: All versions
MT8788: All versions
MT8789: All versions
MT8791: All versions
MT8797: All versions
External linkshttp://corp.mediatek.com/product-security-bulletin/July-2022
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Race condition
EUVDB-ID: #VU65044
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-21776
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a race condition in MDP. A local application can exploit the race and escalate privileges on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMT6580: All versions
MT6739: All versions
MT6761: All versions
MT6765: All versions
MT6768: All versions
MT6771: All versions
MT6779: All versions
MT6781: All versions
MT6785: All versions
MT6789: All versions
MT6833: All versions
MT6853: All versions
MT6873: All versions
MT6877: All versions
MT6879: All versions
MT6883: All versions
MT6885: All versions
MT6889: All versions
MT6893: All versions
MT6895: All versions
MT8163: All versions
MT8167: All versions
MT8167S: All versions
MT8168: All versions
MT8173: All versions
MT8175: All versions
MT8183: All versions
MT8185: All versions
MT8321: All versions
MT8362A: All versions
MT8365: All versions
MT8385: All versions
MT8666: All versions
MT8667: All versions
MT8675: All versions
MT8765: All versions
MT8766: All versions
MT8768: All versions
MT8786: All versions
MT8788: All versions
MT8791: All versions
MT8797: All versions
MT8798: All versions
External linkshttp://corp.mediatek.com/product-security-bulletin/July-2022
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Use-after-free
EUVDB-ID: #VU65043
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-21775
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local application to execute arbitrary code with elevated privileges.
The vulnerability exists due to a use-after-free error caused by improper locking within the sched driver. A local application can execute arbitrary code with elevated privileges.
Install updates from vendor's website.
Vulnerable software versionsMT6761: All versions
MT6762: All versions
MT6763: All versions
MT6765: All versions
MT6768: All versions
MT6769: All versions
MT6771: All versions
MT6779: All versions
MT6781: All versions
MT6785: All versions
MT6789: All versions
MT6795: All versions
MT6797: All versions
MT6799: All versions
MT6833: All versions
MT6853: All versions
MT6853T: All versions
MT6873: All versions
MT6875: All versions
MT6877: All versions
MT6879: All versions
MT6883: All versions
MT6885: All versions
MT6889: All versions
MT6891: All versions
MT6893: All versions
MT6895: All versions
MT8167: All versions
MT8167S: All versions
MT8168: All versions
MT8173: All versions
MT8185: All versions
MT8321: All versions
MT8362A: All versions
MT8365: All versions
MT8385: All versions
MT8666: All versions
MT8675: All versions
MT8768: All versions
MT8786: All versions
MT8788: All versions
MT8789: All versions
MT8791: All versions
MT8797: All versions
External linkshttp://corp.mediatek.com/product-security-bulletin/July-2022
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Race condition
EUVDB-ID: #VU65041
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-21773
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a race condition in TEEI driver. A local application can exploit the race and escalate privileges on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMT6580: All versions
MT6735: All versions
MT6737: All versions
MT6739: All versions
MT6750: All versions
MT6750S: All versions
MT6755: All versions
MT6755S: All versions
MT6761: All versions
MT6762: All versions
MT6763: All versions
MT6765: All versions
MT6768: All versions
MT6769: All versions
MT6771: All versions
MT6779: All versions
MT6781: All versions
MT6785: All versions
MT6789: All versions
MT6795: All versions
MT6797: All versions
MT6833: All versions
MT6853: All versions
MT6853T: All versions
MT6873: All versions
MT6875: All versions
MT6877: All versions
MT6879: All versions
MT6883: All versions
MT6885: All versions
MT6889: All versions
MT6890: All versions
MT6891: All versions
MT6893: All versions
External linkshttp://corp.mediatek.com/product-security-bulletin/July-2022
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Race condition
EUVDB-ID: #VU65026
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-20082
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a race condition in GPU component. A local application can exploit the race to trigger a use-after-free error and escalate privileges on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMT6768: All versions
MT6769: All versions
MT6781: All versions
MT6785: All versions
MT6789: All versions
MT6833: All versions
MT6853: All versions
MT6853T: All versions
MT6873: All versions
MT6875: All versions
MT6877: All versions
MT6879: All versions
MT6883: All versions
MT6885: All versions
MT6889: All versions
MT6893: All versions
MT6895: All versions
MT6983: All versions
External linkshttp://corp.mediatek.com/product-security-bulletin/July-2022
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Race condition
EUVDB-ID: #VU65040
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-21772
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a race condition in TEEI driver. A local application can exploit the race and escalate privileges on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMT6761: All versions
MT6765: All versions
MT6768: All versions
MT6771: All versions
MT6779: All versions
MT6833: All versions
MT6879: All versions
MT6885: All versions
MT6893: All versions
MT6895: All versions
MT6983: All versions
MT8185: All versions
MT8765: All versions
MT8766: All versions
MT8768: All versions
MT8785: All versions
MT8786: All versions
MT8788: All versions
MT8791: All versions
MT8797: All versions
External linkshttp://corp.mediatek.com/product-security-bulletin/July-2022
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) Race condition
EUVDB-ID: #VU65039
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-21771
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a race condition in GED driver. A local application can exploit the race to trigger a use-after-free error and escalate privileges on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMT6580: All versions
MT6735: All versions
MT6737: All versions
MT6739: All versions
MT6753: All versions
MT6761: All versions
MT6765: All versions
MT6768: All versions
MT6771: All versions
MT6779: All versions
MT6781: All versions
MT6785: All versions
MT6789: All versions
MT6833: All versions
MT6853: All versions
MT6853T: All versions
MT6873: All versions
MT6877: All versions
MT6879: All versions
MT6883: All versions
MT6885: All versions
MT6889: All versions
MT6893: All versions
MT6895: All versions
MT6983: All versions
MT8168: All versions
MT8365: All versions
External linkshttp://corp.mediatek.com/product-security-bulletin/July-2022
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
18) UNIX symbolic link following
EUVDB-ID: #VU65038
Risk: Low
CVSSv3.1: 3.3 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-21770
CWE-ID:
CWE-61 - UNIX Symbolic Link (Symlink) Following
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a symlink following issue. A local application can use a specially crafted symbolic link to a critical file on the system and gain access to sensitive information.
Install updates from vendor's website.
Vulnerable software versionsMT6781: All versions
MT6877: All versions
MT6879: All versions
MT6893: All versions
MT6895: All versions
MT6983: All versions
MT8791: All versions
MT8797: All versions
MT8798: All versions
External linkshttp://corp.mediatek.com/product-security-bulletin/July-2022
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
19) Out-of-bounds read
EUVDB-ID: #VU65037
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-21769
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description The vulnerability allows a local application to escalate privileges on the system.
Install updates from vendor's website.
Vulnerable software versionsMT6580: All versions
MT6735: All versions
MT6737: All versions
MT6739: All versions
MT6753: All versions
MT6761: All versions
MT6765: All versions
MT6768: All versions
MT6771: All versions
MT6779: All versions
MT6781: All versions
MT6785: All versions
MT6833: All versions
MT6853: All versions
MT6873: All versions
MT6877: All versions
MT6879: All versions
MT6883: All versions
MT6885: All versions
MT6889: All versions
MT6893: All versions
MT6895: All versions
MT6983: All versions
MT8321: All versions
MT8666: All versions
MT8667: All versions
MT8675: All versions
MT8765: All versions
MT8766: All versions
MT8768: All versions
MT8786: All versions
MT8788: All versions
MT8789: All versions
MT8791: All versions
MT8797: All versions
External linkshttp://corp.mediatek.com/product-security-bulletin/July-2022
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
20) Out-of-bounds write
EUVDB-ID: #VU65036
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-21766
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
Description The vulnerability allows a local application to escalate privileges on the system.
Install updates from vendor's website.
Vulnerable software versionsMT6580: All versions
MT6735: All versions
MT6737: All versions
MT6739: All versions
MT6753: All versions
MT6761: All versions
MT6765: All versions
MT6768: All versions
MT6771: All versions
MT6779: All versions
MT6781: All versions
MT6785: All versions
MT6833: All versions
MT6853: All versions
MT6873: All versions
MT6877: All versions
MT6879: All versions
MT6883: All versions
MT6885: All versions
MT6889: All versions
MT6893: All versions
MT6895: All versions
MT6983: All versions
MT8321: All versions
MT8666: All versions
MT8667: All versions
MT8675: All versions
MT8765: All versions
MT8766: All versions
MT8768: All versions
MT8786: All versions
MT8788: All versions
MT8789: All versions
MT8791: All versions
MT8797: All versions
External linkshttp://corp.mediatek.com/product-security-bulletin/July-2022
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
21) Out-of-bounds write
EUVDB-ID: #VU65034
Risk: Low
CVSSv3.1: 6.1 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-21765
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
Description The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a boundary error in CCCI. A malicious application can execute arbitrary code with elevated privileges.
Install updates from vendor's website.
Vulnerable software versionsMT6580: All versions
MT6735: All versions
MT6737: All versions
MT6739: All versions
MT6753: All versions
MT6761: All versions
MT6765: All versions
MT6768: All versions
MT6771: All versions
MT6779: All versions
MT6781: All versions
MT6785: All versions
MT6833: All versions
MT6853: All versions
MT6873: All versions
MT6877: All versions
MT6879: All versions
MT6883: All versions
MT6885: All versions
MT6889: All versions
MT6893: All versions
MT6895: All versions
MT6983: All versions
MT8321: All versions
MT8666: All versions
MT8667: All versions
MT8675: All versions
MT8765: All versions
MT8766: All versions
MT8768: All versions
MT8786: All versions
MT8788: All versions
MT8789: All versions
MT8791: All versions
MT8797: All versions
External linkshttp://corp.mediatek.com/product-security-bulletin/July-2022
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
22) Heap-based buffer overflow
EUVDB-ID: #VU65032
Risk: Low
CVSSv3.1: 5.9 [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-21768
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows an attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within Bluetooth implementation. A remote attacker with physical proximity to device can trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMT8167S: All versions
MT8175: All versions
MT8183: All versions
MT8362A: All versions
MT8365: All versions
MT8385: All versions
External linkshttp://corp.mediatek.com/product-security-bulletin/July-2022
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
23) Heap-based buffer overflow
EUVDB-ID: #VU65031
Risk: Low
CVSSv3.1: 5.9 [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-21767
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows an attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within Bluetooth implementation. A remote attacker with physical proximity to device can trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMT8167: All versions
MT8175: All versions
MT8183: All versions
MT8362A: All versions
MT8365: All versions
MT8385: All versions
External linkshttp://corp.mediatek.com/product-security-bulletin/July-2022
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
24) Out-of-bounds write
EUVDB-ID: #VU65030
Risk: High
CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-20083
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error in Modem 2G/3G CC when decoding combined FACILITY. A remote attacker can send specially crafted packets to the device, trigger an out-of-bounds write and execute arbitrary code on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMT2731: All versions
MT2735: All versions
MT6297: All versions
MT6725: All versions
MT6735: All versions
MT6737: All versions
MT6739: All versions
MT6750: All versions
MT6750S: All versions
MT6755: All versions
MT6757: All versions
MT6757P: All versions
MT6758: All versions
MT6761: All versions
MT6762: All versions
MT6762D: All versions
MT6762M: All versions
MT6763: All versions
MT6765: All versions
MT6765T: All versions
MT6767: All versions
MT6768: All versions
MT6769: All versions
MT6769T: All versions
MT6769Z: All versions
MT6771: All versions
MT6775: All versions
MT6779: All versions
MT6781: All versions
MT6783: All versions
MT6785: All versions
MT6785T: All versions
MT6789: All versions
MT6797: All versions
MT6799: All versions
MT6833: All versions
MT6853: All versions
MT6855: All versions
MT6873: All versions
MT6875: All versions
MT6877: All versions
MT6879: All versions
MT6880: All versions
MT6883: All versions
MT6885: All versions
MT6889: All versions
MT6890: All versions
MT6891: All versions
MT6893: All versions
MT6895: All versions
MT6983: All versions
MT8666: All versions
MT8667: All versions
MT8675: All versions
MT8735A: All versions
MT8735B: All versions
MT8765: All versions
MT8766: All versions
MT8768: All versions
MT8771: All versions
MT8781: All versions
MT8786: All versions
MT8788: All versions
MT8789: All versions
MT8791: All versions
MT8797: All versions
External linkshttp://corp.mediatek.com/product-security-bulletin/July-2022
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
25) Out-of-bounds write
EUVDB-ID: #VU65029
Risk: High
CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-21744
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input in Modem 2G RR when decoding GPRS Packet Neighbour Cell Data (PNCD). A remote attacker can send specially crafted packets to the device, trigger an out-of-bounds write and execute arbitrary code on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMT2731: All versions
MT2735: All versions
MT6297: All versions
MT6725: All versions
MT6735: All versions
MT6737: All versions
MT6739: All versions
MT6750: All versions
MT6750S: All versions
MT6755: All versions
MT6757: All versions
MT6757P: All versions
MT6758: All versions
MT6761: All versions
MT6762: All versions
MT6762D: All versions
MT6762M: All versions
MT6763: All versions
MT6765: All versions
MT6765T: All versions
MT6767: All versions
MT6768: All versions
MT6769: All versions
MT6769T: All versions
MT6769Z: All versions
MT6771: All versions
MT6775: All versions
MT6779: All versions
MT6781: All versions
MT6783: All versions
MT6785: All versions
MT6785T: All versions
MT6789: All versions
MT6797: All versions
MT6799: All versions
MT6833: All versions
MT6853: All versions
MT6855: All versions
MT6873: All versions
MT6875: All versions
MT6877: All versions
MT6879: All versions
MT6880: All versions
MT6883: All versions
MT6885: All versions
MT6889: All versions
MT6890: All versions
MT6891: All versions
MT6893: All versions
MT6895: All versions
MT6983: All versions
MT8666: All versions
MT8667: All versions
MT8675: All versions
MT8735A: All versions
MT8735B: All versions
MT8765: All versions
MT8766: All versions
MT8768: All versions
MT8771: All versions
MT8781: All versions
MT8786: All versions
MT8788: All versions
MT8789: All versions
MT8791: All versions
MT8797: All versions
External linkshttp://corp.mediatek.com/product-security-bulletin/July-2022
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
26) Improper access control
EUVDB-ID: #VU65028
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-21764
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to sensitive information.
Install updates from vendor's website.
Vulnerable software versionsMT6739: All versions
MT6761: All versions
MT6762: All versions
MT6763: All versions
MT6765: All versions
MT6768: All versions
MT6769: All versions
MT6771: All versions
MT6779: All versions
MT6781: All versions
MT6785: All versions
MT6789: All versions
MT6795: All versions
MT6797: All versions
MT6799: All versions
MT6833: All versions
MT6853: All versions
MT6853T: All versions
MT6873: All versions
MT6875: All versions
MT6877: All versions
MT6879: All versions
MT6880: All versions
MT6883: All versions
MT6885: All versions
MT6889: All versions
MT6890: All versions
MT6891: All versions
MT6893: All versions
MT6895: All versions
MT6983: All versions
MT6985: All versions
MT8321: All versions
MT8666: All versions
MT8667: All versions
MT8675: All versions
MT8765: All versions
MT8766: All versions
MT8768: All versions
MT8786: All versions
MT8788: All versions
MT8789: All versions
MT8791: All versions
MT8797: All versions
External linkshttp://corp.mediatek.com/product-security-bulletin/July-2022
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
27) Improper access control
EUVDB-ID: #VU65027
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-21763
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper access restrictions in telecom service. A local application can obtain potentially sensitive information.
Install updates from vendor's website.
Vulnerable software versionsMT6739: All versions
MT6761: All versions
MT6762: All versions
MT6763: All versions
MT6765: All versions
MT6768: All versions
MT6769: All versions
MT6771: All versions
MT6779: All versions
MT6781: All versions
MT6785: All versions
MT6789: All versions
MT6795: All versions
MT6797: All versions
MT6799: All versions
MT6833: All versions
MT6853: All versions
MT6853T: All versions
MT6873: All versions
MT6875: All versions
MT6877: All versions
MT6879: All versions
MT6880: All versions
MT6883: All versions
MT6885: All versions
MT6889: All versions
MT6890: All versions
MT6891: All versions
MT6893: All versions
MT6895: All versions
MT6983: All versions
MT6985: All versions
MT8321: All versions
MT8666: All versions
MT8667: All versions
MT8675: All versions
MT8765: All versions
MT8766: All versions
MT8768: All versions
MT8786: All versions
MT8788: All versions
MT8789: All versions
MT8791: All versions
MT8797: All versions
External linkshttp://corp.mediatek.com/product-security-bulletin/July-2022
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
