Risk | High |
Patch available | YES |
Number of vulnerabilities | 27 |
CVE-ID | CVE-2022-21774 CVE-2022-21787 CVE-2022-21786 CVE-2022-21785 CVE-2022-21784 CVE-2022-21783 CVE-2022-21782 CVE-2022-21781 CVE-2022-21780 CVE-2022-21779 CVE-2022-21777 CVE-2022-21776 CVE-2022-21775 CVE-2022-21773 CVE-2022-20082 CVE-2022-21772 CVE-2022-21771 CVE-2022-21770 CVE-2022-21769 CVE-2022-21766 CVE-2022-21765 CVE-2022-21768 CVE-2022-21767 CVE-2022-20083 CVE-2022-21744 CVE-2022-21764 CVE-2022-21763 |
CWE-ID | CWE-362 CWE-787 CWE-704 CWE-284 CWE-416 CWE-61 CWE-125 CWE-122 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software |
MT6761 Mobile applications / Mobile firmware & hardware MT6765 Mobile applications / Mobile firmware & hardware MT6768 Mobile applications / Mobile firmware & hardware MT6771 Mobile applications / Mobile firmware & hardware MT6833 Mobile applications / Mobile firmware & hardware MT6879 Mobile applications / Mobile firmware & hardware MT6895 Mobile applications / Mobile firmware & hardware MT6983 Mobile applications / Mobile firmware & hardware MT8791 Mobile applications / Mobile firmware & hardware MT8798 Mobile applications / Mobile firmware & hardware MT8167S Mobile applications / Mobile firmware & hardware MT8168 Mobile applications / Mobile firmware & hardware MT8175 Mobile applications / Mobile firmware & hardware MT8183 Mobile applications / Mobile firmware & hardware MT8185 Mobile applications / Mobile firmware & hardware MT8362A Mobile applications / Mobile firmware & hardware MT8365 Mobile applications / Mobile firmware & hardware MT8385 Mobile applications / Mobile firmware & hardware MT8667 Mobile applications / Mobile firmware & hardware MT8675 Mobile applications / Mobile firmware & hardware MT8695 Mobile applications / Mobile firmware & hardware MT8696 Mobile applications / Mobile firmware & hardware MT8766 Mobile applications / Mobile firmware & hardware MT8768 Mobile applications / Mobile firmware & hardware MT8786 Mobile applications / Mobile firmware & hardware MT8788 Mobile applications / Mobile firmware & hardware MT8789 Mobile applications / Mobile firmware & hardware MT6580 Mobile applications / Mobile firmware & hardware MT6735 Mobile applications / Mobile firmware & hardware MT6739 Mobile applications / Mobile firmware & hardware MT8167 Mobile applications / Mobile firmware & hardware MT8173 Mobile applications / Mobile firmware & hardware MT8321 Mobile applications / Mobile firmware & hardware MT8666 Mobile applications / Mobile firmware & hardware MT8765 Mobile applications / Mobile firmware & hardware MT6789 Mobile applications / Mobile firmware & hardware MT8163 Mobile applications / Mobile firmware & hardware MT6762 Mobile applications / Mobile firmware & hardware MT6763 Mobile applications / Mobile firmware & hardware MT6769 Mobile applications / Mobile firmware & hardware MT6795 Mobile applications / Mobile firmware & hardware MT6797 Mobile applications / Mobile firmware & hardware MT6799 Mobile applications / Mobile firmware & hardware MT6737 Mobile applications / Mobile firmware & hardware MT6750 Mobile applications / Mobile firmware & hardware MT6750S Mobile applications / Mobile firmware & hardware MT6755 Mobile applications / Mobile firmware & hardware MT6755S Mobile applications / Mobile firmware & hardware MT6890 Mobile applications / Mobile firmware & hardware MT8785 Mobile applications / Mobile firmware & hardware MT6753 Mobile applications / Mobile firmware & hardware MT2731 Mobile applications / Mobile firmware & hardware MT2735 Mobile applications / Mobile firmware & hardware MT6297 Mobile applications / Mobile firmware & hardware MT6725 Mobile applications / Mobile firmware & hardware MT6757 Mobile applications / Mobile firmware & hardware MT6757P Mobile applications / Mobile firmware & hardware MT6758 Mobile applications / Mobile firmware & hardware MT6762D Mobile applications / Mobile firmware & hardware MT6762M Mobile applications / Mobile firmware & hardware MT6765T Mobile applications / Mobile firmware & hardware MT6767 Mobile applications / Mobile firmware & hardware MT6769T Mobile applications / Mobile firmware & hardware MT6769Z Mobile applications / Mobile firmware & hardware MT6775 Mobile applications / Mobile firmware & hardware MT6783 Mobile applications / Mobile firmware & hardware MT6785T Mobile applications / Mobile firmware & hardware MT6855 Mobile applications / Mobile firmware & hardware MT6880 Mobile applications / Mobile firmware & hardware MT8735A Mobile applications / Mobile firmware & hardware MT8735B Mobile applications / Mobile firmware & hardware MT8771 Mobile applications / Mobile firmware & hardware MT8781 Mobile applications / Mobile firmware & hardware MT6985 Mobile applications / Mobile firmware & hardware MT6779 Hardware solutions / Firmware MT6781 Hardware solutions / Firmware MT6785 Hardware solutions / Firmware MT6853 Hardware solutions / Firmware MT6875 Hardware solutions / Firmware MT6877 Hardware solutions / Firmware MT6885 Hardware solutions / Firmware MT6893 Hardware solutions / Firmware MT6873 Hardware solutions / Firmware MT8797 Hardware solutions / Firmware MT6883 Hardware solutions / Firmware MT6889 Hardware solutions / Firmware MT6891 Hardware solutions / Firmware MT6853T Hardware solutions / Firmware |
Vendor | MediaTek |
Security Bulletin
This security bulletin contains information about 27 vulnerabilities.
EUVDB-ID: #VU65042
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-21774
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a race condition in TEEI driver. A local application can exploit the race and escalate privileges on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMT6761: All versions
MT6765: All versions
MT6768: All versions
MT6771: All versions
MT6779: All versions
MT6781: All versions
MT6785: All versions
MT6833: All versions
MT6853: All versions
MT6875: All versions
MT6877: All versions
MT6879: All versions
MT6885: All versions
MT6893: All versions
MT6895: All versions
MT6983: All versions
CPE2.3http://corp.mediatek.com/product-security-bulletin/July-2022
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU65055
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-21787
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
Description The vulnerability allows a malicious application to escalate privileges on the system.
The vulnerability exists due to a boundary error in audio DSP. A malicious application can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMT6833: All versions
MT6853: All versions
MT6873: All versions
MT6877: All versions
MT6879: All versions
MT6885: All versions
MT6893: All versions
MT6895: All versions
MT6983: All versions
MT8791: All versions
MT8797: All versions
MT8798: All versions
CPE2.3http://corp.mediatek.com/product-security-bulletin/July-2022
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU65053
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-21786
CWE-ID:
CWE-704 - Type conversion
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a type conversion error in audio DSP. A local application can trigger memory corruption and execute arbitrary code with elevated privileges.
Install updates from vendor's website.
Vulnerable software versionsMT6833: All versions
MT6853: All versions
MT6873: All versions
MT6877: All versions
MT6879: All versions
MT6885: All versions
MT6893: All versions
MT6895: All versions
MT6983: All versions
MT8791: All versions
MT8797: All versions
MT8798: All versions
CPE2.3http://corp.mediatek.com/product-security-bulletin/July-2022
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU65052
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-21785
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
Description The vulnerability allows a malicious application to escalate privileges on the system.
The vulnerability exists due to a boundary error in WLAN driver. A malicious application can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMT6877: All versions
MT6983: All versions
MT8167S: All versions
MT8168: All versions
MT8175: All versions
MT8183: All versions
MT8185: All versions
MT8362A: All versions
MT8365: All versions
MT8385: All versions
MT8667: All versions
MT8675: All versions
MT8695: All versions
MT8696: All versions
MT8766: All versions
MT8768: All versions
MT8786: All versions
MT8788: All versions
MT8789: All versions
MT8791: All versions
MT8797: All versions
CPE2.3http://corp.mediatek.com/product-security-bulletin/July-2022
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU65051
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-21784
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
Description The vulnerability allows a malicious application to escalate privileges on the system.
The vulnerability exists due to a boundary error in WLAN driver. A malicious application can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMT6761: All versions
MT6779: All versions
MT6781: All versions
MT6833: All versions
MT6853: All versions
MT6873: All versions
MT6877: All versions
MT6879: All versions
MT6883: All versions
MT6885: All versions
MT6889: All versions
MT6893: All versions
MT6895: All versions
MT6983: All versions
MT8167S: All versions
MT8168: All versions
MT8175: All versions
MT8183: All versions
MT8185: All versions
MT8362A: All versions
MT8365: All versions
MT8385: All versions
MT8667: All versions
MT8675: All versions
MT8696: All versions
MT8766: All versions
MT8768: All versions
MT8786: All versions
MT8788: All versions
MT8789: All versions
MT8791: All versions
MT8797: All versions
CPE2.3http://corp.mediatek.com/product-security-bulletin/July-2022
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU65050
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-21783
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
Description The vulnerability allows a malicious application to escalate privileges on the system.
The vulnerability exists due to a boundary error in WLAN driver. A malicious application can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMT6761: All versions
MT6779: All versions
MT6781: All versions
MT6833: All versions
MT6853: All versions
MT6873: All versions
MT6877: All versions
MT6879: All versions
MT6883: All versions
MT6885: All versions
MT6889: All versions
MT6893: All versions
MT6895: All versions
MT6983: All versions
MT8167S: All versions
MT8168: All versions
MT8175: All versions
MT8183: All versions
MT8185: All versions
MT8362A: All versions
MT8365: All versions
MT8385: All versions
MT8667: All versions
MT8675: All versions
MT8696: All versions
MT8766: All versions
MT8768: All versions
MT8786: All versions
MT8788: All versions
MT8789: All versions
MT8791: All versions
MT8797: All versions
CPE2.3http://corp.mediatek.com/product-security-bulletin/July-2022
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU65049
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-21782
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
Description The vulnerability allows a malicious application to escalate privileges on the system.
The vulnerability exists due to a boundary error in WLAN driver. A malicious application can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMT6761: All versions
MT6779: All versions
MT6781: All versions
MT6833: All versions
MT6853: All versions
MT6873: All versions
MT6877: All versions
MT6879: All versions
MT6883: All versions
MT6885: All versions
MT6889: All versions
MT6893: All versions
MT6895: All versions
MT6983: All versions
MT8167S: All versions
MT8168: All versions
MT8175: All versions
MT8183: All versions
MT8185: All versions
MT8362A: All versions
MT8365: All versions
MT8385: All versions
MT8667: All versions
MT8675: All versions
MT8696: All versions
MT8766: All versions
MT8768: All versions
MT8786: All versions
MT8788: All versions
MT8789: All versions
MT8791: All versions
MT8797: All versions
CPE2.3http://corp.mediatek.com/product-security-bulletin/July-2022
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU65048
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-21781
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
Description The vulnerability allows a malicious application to escalate privileges on the system.
The vulnerability exists due to a boundary error in WLAN driver. A malicious application can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMT6761: All versions
MT6779: All versions
MT6781: All versions
MT6833: All versions
MT6853: All versions
MT6873: All versions
MT6877: All versions
MT6879: All versions
MT6883: All versions
MT6885: All versions
MT6889: All versions
MT6893: All versions
MT6895: All versions
MT6983: All versions
MT8167S: All versions
MT8168: All versions
MT8175: All versions
MT8183: All versions
MT8185: All versions
MT8362A: All versions
MT8365: All versions
MT8385: All versions
MT8667: All versions
MT8675: All versions
MT8696: All versions
MT8766: All versions
MT8768: All versions
MT8786: All versions
MT8788: All versions
MT8789: All versions
MT8791: All versions
MT8797: All versions
CPE2.3http://corp.mediatek.com/product-security-bulletin/July-2022
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU65047
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-21780
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
Description The vulnerability allows a malicious application to escalate privileges on the system.
The vulnerability exists due to a boundary error in WLAN driver. A malicious application can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMT6761: All versions
MT6779: All versions
MT6781: All versions
MT6833: All versions
MT6853: All versions
MT6873: All versions
MT6877: All versions
MT6879: All versions
MT6883: All versions
MT6885: All versions
MT6889: All versions
MT6893: All versions
MT6895: All versions
MT6983: All versions
MT8167S: All versions
MT8168: All versions
MT8175: All versions
MT8183: All versions
MT8185: All versions
MT8362A: All versions
MT8365: All versions
MT8385: All versions
MT8667: All versions
MT8675: All versions
MT8696: All versions
MT8766: All versions
MT8768: All versions
MT8786: All versions
MT8788: All versions
MT8789: All versions
MT8791: All versions
MT8797: All versions
CPE2.3http://corp.mediatek.com/product-security-bulletin/July-2022
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU65046
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-21779
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
Description The vulnerability allows a malicious application to escalate privileges on the system.
The vulnerability exists due to a boundary error in WLAN driver. A malicious application can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMT6761: All versions
MT6779: All versions
MT6781: All versions
MT6833: All versions
MT6853: All versions
MT6873: All versions
MT6877: All versions
MT6879: All versions
MT6883: All versions
MT6885: All versions
MT6889: All versions
MT6893: All versions
MT6895: All versions
MT6983: All versions
MT8167S: All versions
MT8168: All versions
MT8175: All versions
MT8183: All versions
MT8185: All versions
MT8362A: All versions
MT8365: All versions
MT8385: All versions
MT8667: All versions
MT8675: All versions
MT8696: All versions
MT8766: All versions
MT8768: All versions
MT8786: All versions
MT8788: All versions
MT8789: All versions
MT8791: All versions
MT8797: All versions
CPE2.3http://corp.mediatek.com/product-security-bulletin/July-2022
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU65045
Risk: Low
CVSSv3.1: 6.2 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-21777
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due missing permission check in Autoboot. A local application can execute arbitrary code on the system with elevated privileges.
Install updates from vendor's website.
Vulnerable software versionsMT6580: All versions
MT6735: All versions
MT6739: All versions
MT6761: All versions
MT6765: All versions
MT6768: All versions
MT6771: All versions
MT6779: All versions
MT6785: All versions
MT6833: All versions
MT6853: All versions
MT6873: All versions
MT6875: All versions
MT6877: All versions
MT6879: All versions
MT6885: All versions
MT6891: All versions
MT6893: All versions
MT6895: All versions
MT6983: All versions
MT8167: All versions
MT8167S: All versions
MT8168: All versions
MT8173: All versions
MT8175: All versions
MT8185: All versions
MT8321: All versions
MT8362A: All versions
MT8365: All versions
MT8385: All versions
MT8666: All versions
MT8667: All versions
MT8675: All versions
MT8765: All versions
MT8766: All versions
MT8768: All versions
MT8786: All versions
MT8788: All versions
MT8789: All versions
MT8791: All versions
MT8797: All versions
CPE2.3http://corp.mediatek.com/product-security-bulletin/July-2022
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU65044
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-21776
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a race condition in MDP. A local application can exploit the race and escalate privileges on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMT6580: All versions
MT6739: All versions
MT6761: All versions
MT6765: All versions
MT6768: All versions
MT6771: All versions
MT6779: All versions
MT6781: All versions
MT6785: All versions
MT6789: All versions
MT6833: All versions
MT6853: All versions
MT6873: All versions
MT6877: All versions
MT6879: All versions
MT6883: All versions
MT6885: All versions
MT6889: All versions
MT6893: All versions
MT6895: All versions
MT8163: All versions
MT8167: All versions
MT8167S: All versions
MT8168: All versions
MT8173: All versions
MT8175: All versions
MT8183: All versions
MT8185: All versions
MT8321: All versions
MT8362A: All versions
MT8365: All versions
MT8385: All versions
MT8666: All versions
MT8667: All versions
MT8675: All versions
MT8765: All versions
MT8766: All versions
MT8768: All versions
MT8786: All versions
MT8788: All versions
MT8791: All versions
MT8797: All versions
MT8798: All versions
CPE2.3http://corp.mediatek.com/product-security-bulletin/July-2022
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU65043
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-21775
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local application to execute arbitrary code with elevated privileges.
The vulnerability exists due to a use-after-free error caused by improper locking within the sched driver. A local application can execute arbitrary code with elevated privileges.
Install updates from vendor's website.
Vulnerable software versionsMT6761: All versions
MT6762: All versions
MT6763: All versions
MT6765: All versions
MT6768: All versions
MT6769: All versions
MT6771: All versions
MT6779: All versions
MT6781: All versions
MT6785: All versions
MT6789: All versions
MT6795: All versions
MT6797: All versions
MT6799: All versions
MT6833: All versions
MT6853: All versions
MT6853T: All versions
MT6873: All versions
MT6875: All versions
MT6877: All versions
MT6879: All versions
MT6883: All versions
MT6885: All versions
MT6889: All versions
MT6891: All versions
MT6893: All versions
MT6895: All versions
MT8167: All versions
MT8167S: All versions
MT8168: All versions
MT8173: All versions
MT8185: All versions
MT8321: All versions
MT8362A: All versions
MT8365: All versions
MT8385: All versions
MT8666: All versions
MT8675: All versions
MT8768: All versions
MT8786: All versions
MT8788: All versions
MT8789: All versions
MT8791: All versions
MT8797: All versions
CPE2.3http://corp.mediatek.com/product-security-bulletin/July-2022
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU65041
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-21773
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a race condition in TEEI driver. A local application can exploit the race and escalate privileges on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMT6580: All versions
MT6735: All versions
MT6737: All versions
MT6739: All versions
MT6750: All versions
MT6750S: All versions
MT6755: All versions
MT6755S: All versions
MT6761: All versions
MT6762: All versions
MT6763: All versions
MT6765: All versions
MT6768: All versions
MT6769: All versions
MT6771: All versions
MT6779: All versions
MT6781: All versions
MT6785: All versions
MT6789: All versions
MT6795: All versions
MT6797: All versions
MT6833: All versions
MT6853: All versions
MT6853T: All versions
MT6873: All versions
MT6875: All versions
MT6877: All versions
MT6879: All versions
MT6883: All versions
MT6885: All versions
MT6889: All versions
MT6890: All versions
MT6891: All versions
MT6893: All versions
CPE2.3http://corp.mediatek.com/product-security-bulletin/July-2022
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU65026
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-20082
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a race condition in GPU component. A local application can exploit the race to trigger a use-after-free error and escalate privileges on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMT6768: All versions
MT6769: All versions
MT6781: All versions
MT6785: All versions
MT6789: All versions
MT6833: All versions
MT6853: All versions
MT6853T: All versions
MT6873: All versions
MT6875: All versions
MT6877: All versions
MT6879: All versions
MT6883: All versions
MT6885: All versions
MT6889: All versions
MT6893: All versions
MT6895: All versions
MT6983: All versions
CPE2.3http://corp.mediatek.com/product-security-bulletin/July-2022
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU65040
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-21772
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a race condition in TEEI driver. A local application can exploit the race and escalate privileges on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMT6761: All versions
MT6765: All versions
MT6768: All versions
MT6771: All versions
MT6779: All versions
MT6833: All versions
MT6879: All versions
MT6885: All versions
MT6893: All versions
MT6895: All versions
MT6983: All versions
MT8185: All versions
MT8765: All versions
MT8766: All versions
MT8768: All versions
MT8785: All versions
MT8786: All versions
MT8788: All versions
MT8791: All versions
MT8797: All versions
CPE2.3http://corp.mediatek.com/product-security-bulletin/July-2022
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU65039
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-21771
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a race condition in GED driver. A local application can exploit the race to trigger a use-after-free error and escalate privileges on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMT6580: All versions
MT6735: All versions
MT6737: All versions
MT6739: All versions
MT6753: All versions
MT6761: All versions
MT6765: All versions
MT6768: All versions
MT6771: All versions
MT6779: All versions
MT6781: All versions
MT6785: All versions
MT6789: All versions
MT6833: All versions
MT6853: All versions
MT6853T: All versions
MT6873: All versions
MT6877: All versions
MT6879: All versions
MT6883: All versions
MT6885: All versions
MT6889: All versions
MT6893: All versions
MT6895: All versions
MT6983: All versions
MT8168: All versions
MT8365: All versions
CPE2.3http://corp.mediatek.com/product-security-bulletin/July-2022
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU65038
Risk: Low
CVSSv3.1: 3.3 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-21770
CWE-ID:
CWE-61 - UNIX Symbolic Link (Symlink) Following
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a symlink following issue. A local application can use a specially crafted symbolic link to a critical file on the system and gain access to sensitive information.
Install updates from vendor's website.
Vulnerable software versionsMT6781: All versions
MT6877: All versions
MT6879: All versions
MT6893: All versions
MT6895: All versions
MT6983: All versions
MT8791: All versions
MT8797: All versions
MT8798: All versions
CPE2.3http://corp.mediatek.com/product-security-bulletin/July-2022
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU65037
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-21769
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description The vulnerability allows a local application to escalate privileges on the system.
Install updates from vendor's website.
Vulnerable software versionsMT6580: All versions
MT6735: All versions
MT6737: All versions
MT6739: All versions
MT6753: All versions
MT6761: All versions
MT6765: All versions
MT6768: All versions
MT6771: All versions
MT6779: All versions
MT6781: All versions
MT6785: All versions
MT6833: All versions
MT6853: All versions
MT6873: All versions
MT6877: All versions
MT6879: All versions
MT6883: All versions
MT6885: All versions
MT6889: All versions
MT6893: All versions
MT6895: All versions
MT6983: All versions
MT8321: All versions
MT8666: All versions
MT8667: All versions
MT8675: All versions
MT8765: All versions
MT8766: All versions
MT8768: All versions
MT8786: All versions
MT8788: All versions
MT8789: All versions
MT8791: All versions
MT8797: All versions
CPE2.3http://corp.mediatek.com/product-security-bulletin/July-2022
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU65036
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-21766
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
Description The vulnerability allows a local application to escalate privileges on the system.
Install updates from vendor's website.
Vulnerable software versionsMT6580: All versions
MT6735: All versions
MT6737: All versions
MT6739: All versions
MT6753: All versions
MT6761: All versions
MT6765: All versions
MT6768: All versions
MT6771: All versions
MT6779: All versions
MT6781: All versions
MT6785: All versions
MT6833: All versions
MT6853: All versions
MT6873: All versions
MT6877: All versions
MT6879: All versions
MT6883: All versions
MT6885: All versions
MT6889: All versions
MT6893: All versions
MT6895: All versions
MT6983: All versions
MT8321: All versions
MT8666: All versions
MT8667: All versions
MT8675: All versions
MT8765: All versions
MT8766: All versions
MT8768: All versions
MT8786: All versions
MT8788: All versions
MT8789: All versions
MT8791: All versions
MT8797: All versions
CPE2.3http://corp.mediatek.com/product-security-bulletin/July-2022
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU65034
Risk: Low
CVSSv3.1: 6.1 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-21765
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
Description The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a boundary error in CCCI. A malicious application can execute arbitrary code with elevated privileges.
Install updates from vendor's website.
Vulnerable software versionsMT6580: All versions
MT6735: All versions
MT6737: All versions
MT6739: All versions
MT6753: All versions
MT6761: All versions
MT6765: All versions
MT6768: All versions
MT6771: All versions
MT6779: All versions
MT6781: All versions
MT6785: All versions
MT6833: All versions
MT6853: All versions
MT6873: All versions
MT6877: All versions
MT6879: All versions
MT6883: All versions
MT6885: All versions
MT6889: All versions
MT6893: All versions
MT6895: All versions
MT6983: All versions
MT8321: All versions
MT8666: All versions
MT8667: All versions
MT8675: All versions
MT8765: All versions
MT8766: All versions
MT8768: All versions
MT8786: All versions
MT8788: All versions
MT8789: All versions
MT8791: All versions
MT8797: All versions
CPE2.3http://corp.mediatek.com/product-security-bulletin/July-2022
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU65032
Risk: Low
CVSSv3.1: 5.9 [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-21768
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows an attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within Bluetooth implementation. A remote attacker with physical proximity to device can trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMT8167S: All versions
MT8175: All versions
MT8183: All versions
MT8362A: All versions
MT8365: All versions
MT8385: All versions
CPE2.3http://corp.mediatek.com/product-security-bulletin/July-2022
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU65031
Risk: Low
CVSSv3.1: 5.9 [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-21767
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows an attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within Bluetooth implementation. A remote attacker with physical proximity to device can trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMT8167: All versions
MT8175: All versions
MT8183: All versions
MT8362A: All versions
MT8365: All versions
MT8385: All versions
CPE2.3http://corp.mediatek.com/product-security-bulletin/July-2022
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU65030
Risk: High
CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-20083
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error in Modem 2G/3G CC when decoding combined FACILITY. A remote attacker can send specially crafted packets to the device, trigger an out-of-bounds write and execute arbitrary code on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMT2731: All versions
MT2735: All versions
MT6297: All versions
MT6725: All versions
MT6735: All versions
MT6737: All versions
MT6739: All versions
MT6750: All versions
MT6750S: All versions
MT6755: All versions
MT6757: All versions
MT6757P: All versions
MT6758: All versions
MT6761: All versions
MT6762: All versions
MT6762D: All versions
MT6762M: All versions
MT6763: All versions
MT6765: All versions
MT6765T: All versions
MT6767: All versions
MT6768: All versions
MT6769: All versions
MT6769T: All versions
MT6769Z: All versions
MT6771: All versions
MT6775: All versions
MT6779: All versions
MT6781: All versions
MT6783: All versions
MT6785: All versions
MT6785T: All versions
MT6789: All versions
MT6797: All versions
MT6799: All versions
MT6833: All versions
MT6853: All versions
MT6855: All versions
MT6873: All versions
MT6875: All versions
MT6877: All versions
MT6879: All versions
MT6880: All versions
MT6883: All versions
MT6885: All versions
MT6889: All versions
MT6890: All versions
MT6891: All versions
MT6893: All versions
MT6895: All versions
MT6983: All versions
MT8666: All versions
MT8667: All versions
MT8675: All versions
MT8735A: All versions
MT8735B: All versions
MT8765: All versions
MT8766: All versions
MT8768: All versions
MT8771: All versions
MT8781: All versions
MT8786: All versions
MT8788: All versions
MT8789: All versions
MT8791: All versions
MT8797: All versions
CPE2.3http://corp.mediatek.com/product-security-bulletin/July-2022
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU65029
Risk: High
CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-21744
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input in Modem 2G RR when decoding GPRS Packet Neighbour Cell Data (PNCD). A remote attacker can send specially crafted packets to the device, trigger an out-of-bounds write and execute arbitrary code on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMT2731: All versions
MT2735: All versions
MT6297: All versions
MT6725: All versions
MT6735: All versions
MT6737: All versions
MT6739: All versions
MT6750: All versions
MT6750S: All versions
MT6755: All versions
MT6757: All versions
MT6757P: All versions
MT6758: All versions
MT6761: All versions
MT6762: All versions
MT6762D: All versions
MT6762M: All versions
MT6763: All versions
MT6765: All versions
MT6765T: All versions
MT6767: All versions
MT6768: All versions
MT6769: All versions
MT6769T: All versions
MT6769Z: All versions
MT6771: All versions
MT6775: All versions
MT6779: All versions
MT6781: All versions
MT6783: All versions
MT6785: All versions
MT6785T: All versions
MT6789: All versions
MT6797: All versions
MT6799: All versions
MT6833: All versions
MT6853: All versions
MT6855: All versions
MT6873: All versions
MT6875: All versions
MT6877: All versions
MT6879: All versions
MT6880: All versions
MT6883: All versions
MT6885: All versions
MT6889: All versions
MT6890: All versions
MT6891: All versions
MT6893: All versions
MT6895: All versions
MT6983: All versions
MT8666: All versions
MT8667: All versions
MT8675: All versions
MT8735A: All versions
MT8735B: All versions
MT8765: All versions
MT8766: All versions
MT8768: All versions
MT8771: All versions
MT8781: All versions
MT8786: All versions
MT8788: All versions
MT8789: All versions
MT8791: All versions
MT8797: All versions
CPE2.3http://corp.mediatek.com/product-security-bulletin/July-2022
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU65028
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-21764
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to sensitive information.
Install updates from vendor's website.
Vulnerable software versionsMT6739: All versions
MT6761: All versions
MT6762: All versions
MT6763: All versions
MT6765: All versions
MT6768: All versions
MT6769: All versions
MT6771: All versions
MT6779: All versions
MT6781: All versions
MT6785: All versions
MT6789: All versions
MT6795: All versions
MT6797: All versions
MT6799: All versions
MT6833: All versions
MT6853: All versions
MT6853T: All versions
MT6873: All versions
MT6875: All versions
MT6877: All versions
MT6879: All versions
MT6880: All versions
MT6883: All versions
MT6885: All versions
MT6889: All versions
MT6890: All versions
MT6891: All versions
MT6893: All versions
MT6895: All versions
MT6983: All versions
MT6985: All versions
MT8321: All versions
MT8666: All versions
MT8667: All versions
MT8675: All versions
MT8765: All versions
MT8766: All versions
MT8768: All versions
MT8786: All versions
MT8788: All versions
MT8789: All versions
MT8791: All versions
MT8797: All versions
CPE2.3http://corp.mediatek.com/product-security-bulletin/July-2022
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU65027
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-21763
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper access restrictions in telecom service. A local application can obtain potentially sensitive information.
Install updates from vendor's website.
Vulnerable software versionsMT6739: All versions
MT6761: All versions
MT6762: All versions
MT6763: All versions
MT6765: All versions
MT6768: All versions
MT6769: All versions
MT6771: All versions
MT6779: All versions
MT6781: All versions
MT6785: All versions
MT6789: All versions
MT6795: All versions
MT6797: All versions
MT6799: All versions
MT6833: All versions
MT6853: All versions
MT6853T: All versions
MT6873: All versions
MT6875: All versions
MT6877: All versions
MT6879: All versions
MT6880: All versions
MT6883: All versions
MT6885: All versions
MT6889: All versions
MT6890: All versions
MT6891: All versions
MT6893: All versions
MT6895: All versions
MT6983: All versions
MT6985: All versions
MT8321: All versions
MT8666: All versions
MT8667: All versions
MT8675: All versions
MT8765: All versions
MT8766: All versions
MT8768: All versions
MT8786: All versions
MT8788: All versions
MT8789: All versions
MT8791: All versions
MT8797: All versions
CPE2.3http://corp.mediatek.com/product-security-bulletin/July-2022
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.