Multiple vulnerabilities in MediaTek chipsets



Risk High
Patch available YES
Number of vulnerabilities 27
CVE-ID CVE-2022-21774
CVE-2022-21787
CVE-2022-21786
CVE-2022-21785
CVE-2022-21784
CVE-2022-21783
CVE-2022-21782
CVE-2022-21781
CVE-2022-21780
CVE-2022-21779
CVE-2022-21777
CVE-2022-21776
CVE-2022-21775
CVE-2022-21773
CVE-2022-20082
CVE-2022-21772
CVE-2022-21771
CVE-2022-21770
CVE-2022-21769
CVE-2022-21766
CVE-2022-21765
CVE-2022-21768
CVE-2022-21767
CVE-2022-20083
CVE-2022-21744
CVE-2022-21764
CVE-2022-21763
CWE-ID CWE-362
CWE-787
CWE-704
CWE-284
CWE-416
CWE-61
CWE-125
CWE-122
Exploitation vector Network
Public exploit N/A
Vulnerable software
MT6761
Mobile applications / Mobile firmware & hardware

MT6765
Mobile applications / Mobile firmware & hardware

MT6768
Mobile applications / Mobile firmware & hardware

MT6771
Mobile applications / Mobile firmware & hardware

MT6833
Mobile applications / Mobile firmware & hardware

MT6879
Mobile applications / Mobile firmware & hardware

MT6895
Mobile applications / Mobile firmware & hardware

MT6983
Mobile applications / Mobile firmware & hardware

MT8791
Mobile applications / Mobile firmware & hardware

MT8798
Mobile applications / Mobile firmware & hardware

MT8167S
Mobile applications / Mobile firmware & hardware

MT8168
Mobile applications / Mobile firmware & hardware

MT8175
Mobile applications / Mobile firmware & hardware

MT8183
Mobile applications / Mobile firmware & hardware

MT8185
Mobile applications / Mobile firmware & hardware

MT8362A
Mobile applications / Mobile firmware & hardware

MT8365
Mobile applications / Mobile firmware & hardware

MT8385
Mobile applications / Mobile firmware & hardware

MT8667
Mobile applications / Mobile firmware & hardware

MT8675
Mobile applications / Mobile firmware & hardware

MT8695
Mobile applications / Mobile firmware & hardware

MT8696
Mobile applications / Mobile firmware & hardware

MT8766
Mobile applications / Mobile firmware & hardware

MT8768
Mobile applications / Mobile firmware & hardware

MT8786
Mobile applications / Mobile firmware & hardware

MT8788
Mobile applications / Mobile firmware & hardware

MT8789
Mobile applications / Mobile firmware & hardware

MT6580
Mobile applications / Mobile firmware & hardware

MT6735
Mobile applications / Mobile firmware & hardware

MT6739
Mobile applications / Mobile firmware & hardware

MT8167
Mobile applications / Mobile firmware & hardware

MT8173
Mobile applications / Mobile firmware & hardware

MT8321
Mobile applications / Mobile firmware & hardware

MT8666
Mobile applications / Mobile firmware & hardware

MT8765
Mobile applications / Mobile firmware & hardware

MT6789
Mobile applications / Mobile firmware & hardware

MT8163
Mobile applications / Mobile firmware & hardware

MT6762
Mobile applications / Mobile firmware & hardware

MT6763
Mobile applications / Mobile firmware & hardware

MT6769
Mobile applications / Mobile firmware & hardware

MT6795
Mobile applications / Mobile firmware & hardware

MT6797
Mobile applications / Mobile firmware & hardware

MT6799
Mobile applications / Mobile firmware & hardware

MT6737
Mobile applications / Mobile firmware & hardware

MT6750
Mobile applications / Mobile firmware & hardware

MT6750S
Mobile applications / Mobile firmware & hardware

MT6755
Mobile applications / Mobile firmware & hardware

MT6755S
Mobile applications / Mobile firmware & hardware

MT6890
Mobile applications / Mobile firmware & hardware

MT8785
Mobile applications / Mobile firmware & hardware

MT6753
Mobile applications / Mobile firmware & hardware

MT2731
Mobile applications / Mobile firmware & hardware

MT2735
Mobile applications / Mobile firmware & hardware

MT6297
Mobile applications / Mobile firmware & hardware

MT6725
Mobile applications / Mobile firmware & hardware

MT6757
Mobile applications / Mobile firmware & hardware

MT6757P
Mobile applications / Mobile firmware & hardware

MT6758
Mobile applications / Mobile firmware & hardware

MT6762D
Mobile applications / Mobile firmware & hardware

MT6762M
Mobile applications / Mobile firmware & hardware

MT6765T
Mobile applications / Mobile firmware & hardware

MT6767
Mobile applications / Mobile firmware & hardware

MT6769T
Mobile applications / Mobile firmware & hardware

MT6769Z
Mobile applications / Mobile firmware & hardware

MT6775
Mobile applications / Mobile firmware & hardware

MT6783
Mobile applications / Mobile firmware & hardware

MT6785T
Mobile applications / Mobile firmware & hardware

MT6855
Mobile applications / Mobile firmware & hardware

MT6880
Mobile applications / Mobile firmware & hardware

MT8735A
Mobile applications / Mobile firmware & hardware

MT8735B
Mobile applications / Mobile firmware & hardware

MT8771
Mobile applications / Mobile firmware & hardware

MT8781
Mobile applications / Mobile firmware & hardware

MT6985
Mobile applications / Mobile firmware & hardware

MT6779
Hardware solutions / Firmware

MT6781
Hardware solutions / Firmware

MT6785
Hardware solutions / Firmware

MT6853
Hardware solutions / Firmware

MT6875
Hardware solutions / Firmware

MT6877
Hardware solutions / Firmware

MT6885
Hardware solutions / Firmware

MT6893
Hardware solutions / Firmware

MT6873
Hardware solutions / Firmware

MT8797
Hardware solutions / Firmware

MT6883
Hardware solutions / Firmware

MT6889
Hardware solutions / Firmware

MT6891
Hardware solutions / Firmware

MT6853T
Hardware solutions / Firmware

Vendor MediaTek

Security Bulletin

This security bulletin contains information about 27 vulnerabilities.

1) Race condition

EUVDB-ID: #VU65042

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21774

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a race condition in TEEI driver. A local application can exploit the race and escalate privileges on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

MT6761: All versions

MT6765: All versions

MT6768: All versions

MT6771: All versions

MT6779: All versions

MT6781: All versions

MT6785: All versions

MT6833: All versions

MT6853: All versions

MT6875: All versions

MT6877: All versions

MT6879: All versions

MT6885: All versions

MT6893: All versions

MT6895: All versions

MT6983: All versions

CPE2.3 External links

http://corp.mediatek.com/product-security-bulletin/July-2022


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Out-of-bounds write

EUVDB-ID: #VU65055

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21787

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a malicious application to escalate privileges on the system.

The vulnerability exists due to a boundary error in audio DSP. A malicious application can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

MT6833: All versions

MT6853: All versions

MT6873: All versions

MT6877: All versions

MT6879: All versions

MT6885: All versions

MT6893: All versions

MT6895: All versions

MT6983: All versions

MT8791: All versions

MT8797: All versions

MT8798: All versions

CPE2.3 External links

http://corp.mediatek.com/product-security-bulletin/July-2022


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Type conversion

EUVDB-ID: #VU65053

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21786

CWE-ID: CWE-704 - Type conversion

Exploit availability: No

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a type conversion error in audio DSP. A local application can trigger memory corruption and execute arbitrary code with elevated privileges.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

MT6833: All versions

MT6853: All versions

MT6873: All versions

MT6877: All versions

MT6879: All versions

MT6885: All versions

MT6893: All versions

MT6895: All versions

MT6983: All versions

MT8791: All versions

MT8797: All versions

MT8798: All versions

CPE2.3 External links

http://corp.mediatek.com/product-security-bulletin/July-2022


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Out-of-bounds write

EUVDB-ID: #VU65052

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21785

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a malicious application to escalate privileges on the system.

The vulnerability exists due to a boundary error in WLAN driver. A malicious application can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

MT6877: All versions

MT6983: All versions

MT8167S: All versions

MT8168: All versions

MT8175: All versions

MT8183: All versions

MT8185: All versions

MT8362A: All versions

MT8365: All versions

MT8385: All versions

MT8667: All versions

MT8675: All versions

MT8695: All versions

MT8696: All versions

MT8766: All versions

MT8768: All versions

MT8786: All versions

MT8788: All versions

MT8789: All versions

MT8791: All versions

MT8797: All versions

CPE2.3 External links

http://corp.mediatek.com/product-security-bulletin/July-2022


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Out-of-bounds write

EUVDB-ID: #VU65051

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21784

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a malicious application to escalate privileges on the system.

The vulnerability exists due to a boundary error in WLAN driver. A malicious application can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

MT6761: All versions

MT6779: All versions

MT6781: All versions

MT6833: All versions

MT6853: All versions

MT6873: All versions

MT6877: All versions

MT6879: All versions

MT6883: All versions

MT6885: All versions

MT6889: All versions

MT6893: All versions

MT6895: All versions

MT6983: All versions

MT8167S: All versions

MT8168: All versions

MT8175: All versions

MT8183: All versions

MT8185: All versions

MT8362A: All versions

MT8365: All versions

MT8385: All versions

MT8667: All versions

MT8675: All versions

MT8696: All versions

MT8766: All versions

MT8768: All versions

MT8786: All versions

MT8788: All versions

MT8789: All versions

MT8791: All versions

MT8797: All versions

CPE2.3 External links

http://corp.mediatek.com/product-security-bulletin/July-2022


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Out-of-bounds write

EUVDB-ID: #VU65050

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21783

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a malicious application to escalate privileges on the system.

The vulnerability exists due to a boundary error in WLAN driver. A malicious application can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

MT6761: All versions

MT6779: All versions

MT6781: All versions

MT6833: All versions

MT6853: All versions

MT6873: All versions

MT6877: All versions

MT6879: All versions

MT6883: All versions

MT6885: All versions

MT6889: All versions

MT6893: All versions

MT6895: All versions

MT6983: All versions

MT8167S: All versions

MT8168: All versions

MT8175: All versions

MT8183: All versions

MT8185: All versions

MT8362A: All versions

MT8365: All versions

MT8385: All versions

MT8667: All versions

MT8675: All versions

MT8696: All versions

MT8766: All versions

MT8768: All versions

MT8786: All versions

MT8788: All versions

MT8789: All versions

MT8791: All versions

MT8797: All versions

CPE2.3 External links

http://corp.mediatek.com/product-security-bulletin/July-2022


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Out-of-bounds write

EUVDB-ID: #VU65049

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21782

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a malicious application to escalate privileges on the system.

The vulnerability exists due to a boundary error in WLAN driver. A malicious application can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

MT6761: All versions

MT6779: All versions

MT6781: All versions

MT6833: All versions

MT6853: All versions

MT6873: All versions

MT6877: All versions

MT6879: All versions

MT6883: All versions

MT6885: All versions

MT6889: All versions

MT6893: All versions

MT6895: All versions

MT6983: All versions

MT8167S: All versions

MT8168: All versions

MT8175: All versions

MT8183: All versions

MT8185: All versions

MT8362A: All versions

MT8365: All versions

MT8385: All versions

MT8667: All versions

MT8675: All versions

MT8696: All versions

MT8766: All versions

MT8768: All versions

MT8786: All versions

MT8788: All versions

MT8789: All versions

MT8791: All versions

MT8797: All versions

CPE2.3 External links

http://corp.mediatek.com/product-security-bulletin/July-2022


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Out-of-bounds write

EUVDB-ID: #VU65048

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21781

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a malicious application to escalate privileges on the system.

The vulnerability exists due to a boundary error in WLAN driver. A malicious application can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

MT6761: All versions

MT6779: All versions

MT6781: All versions

MT6833: All versions

MT6853: All versions

MT6873: All versions

MT6877: All versions

MT6879: All versions

MT6883: All versions

MT6885: All versions

MT6889: All versions

MT6893: All versions

MT6895: All versions

MT6983: All versions

MT8167S: All versions

MT8168: All versions

MT8175: All versions

MT8183: All versions

MT8185: All versions

MT8362A: All versions

MT8365: All versions

MT8385: All versions

MT8667: All versions

MT8675: All versions

MT8696: All versions

MT8766: All versions

MT8768: All versions

MT8786: All versions

MT8788: All versions

MT8789: All versions

MT8791: All versions

MT8797: All versions

CPE2.3 External links

http://corp.mediatek.com/product-security-bulletin/July-2022


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Out-of-bounds write

EUVDB-ID: #VU65047

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21780

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a malicious application to escalate privileges on the system.

The vulnerability exists due to a boundary error in WLAN driver. A malicious application can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

MT6761: All versions

MT6779: All versions

MT6781: All versions

MT6833: All versions

MT6853: All versions

MT6873: All versions

MT6877: All versions

MT6879: All versions

MT6883: All versions

MT6885: All versions

MT6889: All versions

MT6893: All versions

MT6895: All versions

MT6983: All versions

MT8167S: All versions

MT8168: All versions

MT8175: All versions

MT8183: All versions

MT8185: All versions

MT8362A: All versions

MT8365: All versions

MT8385: All versions

MT8667: All versions

MT8675: All versions

MT8696: All versions

MT8766: All versions

MT8768: All versions

MT8786: All versions

MT8788: All versions

MT8789: All versions

MT8791: All versions

MT8797: All versions

CPE2.3 External links

http://corp.mediatek.com/product-security-bulletin/July-2022


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Out-of-bounds write

EUVDB-ID: #VU65046

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21779

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a malicious application to escalate privileges on the system.

The vulnerability exists due to a boundary error in WLAN driver. A malicious application can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

MT6761: All versions

MT6779: All versions

MT6781: All versions

MT6833: All versions

MT6853: All versions

MT6873: All versions

MT6877: All versions

MT6879: All versions

MT6883: All versions

MT6885: All versions

MT6889: All versions

MT6893: All versions

MT6895: All versions

MT6983: All versions

MT8167S: All versions

MT8168: All versions

MT8175: All versions

MT8183: All versions

MT8185: All versions

MT8362A: All versions

MT8365: All versions

MT8385: All versions

MT8667: All versions

MT8675: All versions

MT8696: All versions

MT8766: All versions

MT8768: All versions

MT8786: All versions

MT8788: All versions

MT8789: All versions

MT8791: All versions

MT8797: All versions

CPE2.3 External links

http://corp.mediatek.com/product-security-bulletin/July-2022


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Improper access control

EUVDB-ID: #VU65045

Risk: Low

CVSSv3.1: 6.2 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21777

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due missing permission check in Autoboot. A local application can execute arbitrary code on the system with elevated privileges.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

MT6580: All versions

MT6735: All versions

MT6739: All versions

MT6761: All versions

MT6765: All versions

MT6768: All versions

MT6771: All versions

MT6779: All versions

MT6785: All versions

MT6833: All versions

MT6853: All versions

MT6873: All versions

MT6875: All versions

MT6877: All versions

MT6879: All versions

MT6885: All versions

MT6891: All versions

MT6893: All versions

MT6895: All versions

MT6983: All versions

MT8167: All versions

MT8167S: All versions

MT8168: All versions

MT8173: All versions

MT8175: All versions

MT8185: All versions

MT8321: All versions

MT8362A: All versions

MT8365: All versions

MT8385: All versions

MT8666: All versions

MT8667: All versions

MT8675: All versions

MT8765: All versions

MT8766: All versions

MT8768: All versions

MT8786: All versions

MT8788: All versions

MT8789: All versions

MT8791: All versions

MT8797: All versions

CPE2.3 External links

http://corp.mediatek.com/product-security-bulletin/July-2022


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Race condition

EUVDB-ID: #VU65044

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21776

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a race condition in MDP. A local application can exploit the race and escalate privileges on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

MT6580: All versions

MT6739: All versions

MT6761: All versions

MT6765: All versions

MT6768: All versions

MT6771: All versions

MT6779: All versions

MT6781: All versions

MT6785: All versions

MT6789: All versions

MT6833: All versions

MT6853: All versions

MT6873: All versions

MT6877: All versions

MT6879: All versions

MT6883: All versions

MT6885: All versions

MT6889: All versions

MT6893: All versions

MT6895: All versions

MT8163: All versions

MT8167: All versions

MT8167S: All versions

MT8168: All versions

MT8173: All versions

MT8175: All versions

MT8183: All versions

MT8185: All versions

MT8321: All versions

MT8362A: All versions

MT8365: All versions

MT8385: All versions

MT8666: All versions

MT8667: All versions

MT8675: All versions

MT8765: All versions

MT8766: All versions

MT8768: All versions

MT8786: All versions

MT8788: All versions

MT8791: All versions

MT8797: All versions

MT8798: All versions

CPE2.3 External links

http://corp.mediatek.com/product-security-bulletin/July-2022


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Use-after-free

EUVDB-ID: #VU65043

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21775

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local application to execute arbitrary code with elevated privileges.

The vulnerability exists due to a use-after-free error caused by improper locking within the sched driver. A local application can execute arbitrary code with elevated privileges.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

MT6761: All versions

MT6762: All versions

MT6763: All versions

MT6765: All versions

MT6768: All versions

MT6769: All versions

MT6771: All versions

MT6779: All versions

MT6781: All versions

MT6785: All versions

MT6789: All versions

MT6795: All versions

MT6797: All versions

MT6799: All versions

MT6833: All versions

MT6853: All versions

MT6853T: All versions

MT6873: All versions

MT6875: All versions

MT6877: All versions

MT6879: All versions

MT6883: All versions

MT6885: All versions

MT6889: All versions

MT6891: All versions

MT6893: All versions

MT6895: All versions

MT8167: All versions

MT8167S: All versions

MT8168: All versions

MT8173: All versions

MT8185: All versions

MT8321: All versions

MT8362A: All versions

MT8365: All versions

MT8385: All versions

MT8666: All versions

MT8675: All versions

MT8768: All versions

MT8786: All versions

MT8788: All versions

MT8789: All versions

MT8791: All versions

MT8797: All versions

CPE2.3 External links

http://corp.mediatek.com/product-security-bulletin/July-2022


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Race condition

EUVDB-ID: #VU65041

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21773

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a race condition in TEEI driver. A local application can exploit the race and escalate privileges on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

MT6580: All versions

MT6735: All versions

MT6737: All versions

MT6739: All versions

MT6750: All versions

MT6750S: All versions

MT6755: All versions

MT6755S: All versions

MT6761: All versions

MT6762: All versions

MT6763: All versions

MT6765: All versions

MT6768: All versions

MT6769: All versions

MT6771: All versions

MT6779: All versions

MT6781: All versions

MT6785: All versions

MT6789: All versions

MT6795: All versions

MT6797: All versions

MT6833: All versions

MT6853: All versions

MT6853T: All versions

MT6873: All versions

MT6875: All versions

MT6877: All versions

MT6879: All versions

MT6883: All versions

MT6885: All versions

MT6889: All versions

MT6890: All versions

MT6891: All versions

MT6893: All versions

CPE2.3 External links

http://corp.mediatek.com/product-security-bulletin/July-2022


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Race condition

EUVDB-ID: #VU65026

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-20082

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a race condition in GPU component. A local application can exploit the race to trigger a use-after-free error and escalate privileges on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

MT6768: All versions

MT6769: All versions

MT6781: All versions

MT6785: All versions

MT6789: All versions

MT6833: All versions

MT6853: All versions

MT6853T: All versions

MT6873: All versions

MT6875: All versions

MT6877: All versions

MT6879: All versions

MT6883: All versions

MT6885: All versions

MT6889: All versions

MT6893: All versions

MT6895: All versions

MT6983: All versions

CPE2.3 External links

http://corp.mediatek.com/product-security-bulletin/July-2022


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Race condition

EUVDB-ID: #VU65040

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21772

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a race condition in TEEI driver. A local application can exploit the race and escalate privileges on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

MT6761: All versions

MT6765: All versions

MT6768: All versions

MT6771: All versions

MT6779: All versions

MT6833: All versions

MT6879: All versions

MT6885: All versions

MT6893: All versions

MT6895: All versions

MT6983: All versions

MT8185: All versions

MT8765: All versions

MT8766: All versions

MT8768: All versions

MT8785: All versions

MT8786: All versions

MT8788: All versions

MT8791: All versions

MT8797: All versions

CPE2.3 External links

http://corp.mediatek.com/product-security-bulletin/July-2022


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Race condition

EUVDB-ID: #VU65039

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21771

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a race condition in GED driver. A local application can exploit the race to trigger a use-after-free error and escalate privileges on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

MT6580: All versions

MT6735: All versions

MT6737: All versions

MT6739: All versions

MT6753: All versions

MT6761: All versions

MT6765: All versions

MT6768: All versions

MT6771: All versions

MT6779: All versions

MT6781: All versions

MT6785: All versions

MT6789: All versions

MT6833: All versions

MT6853: All versions

MT6853T: All versions

MT6873: All versions

MT6877: All versions

MT6879: All versions

MT6883: All versions

MT6885: All versions

MT6889: All versions

MT6893: All versions

MT6895: All versions

MT6983: All versions

MT8168: All versions

MT8365: All versions

CPE2.3 External links

http://corp.mediatek.com/product-security-bulletin/July-2022


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) UNIX symbolic link following

EUVDB-ID: #VU65038

Risk: Low

CVSSv3.1: 3.3 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21770

CWE-ID: CWE-61 - UNIX Symbolic Link (Symlink) Following

Exploit availability: No

Description

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to a symlink following issue. A local application can use a specially crafted symbolic link to a critical file on the system and gain access to sensitive information.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

MT6781: All versions

MT6877: All versions

MT6879: All versions

MT6893: All versions

MT6895: All versions

MT6983: All versions

MT8791: All versions

MT8797: All versions

MT8798: All versions

CPE2.3 External links

http://corp.mediatek.com/product-security-bulletin/July-2022


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Out-of-bounds read

EUVDB-ID: #VU65037

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21769

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary error in CCCI. A malicious application can execute arbitrary code with elevated privileges.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

MT6580: All versions

MT6735: All versions

MT6737: All versions

MT6739: All versions

MT6753: All versions

MT6761: All versions

MT6765: All versions

MT6768: All versions

MT6771: All versions

MT6779: All versions

MT6781: All versions

MT6785: All versions

MT6833: All versions

MT6853: All versions

MT6873: All versions

MT6877: All versions

MT6879: All versions

MT6883: All versions

MT6885: All versions

MT6889: All versions

MT6893: All versions

MT6895: All versions

MT6983: All versions

MT8321: All versions

MT8666: All versions

MT8667: All versions

MT8675: All versions

MT8765: All versions

MT8766: All versions

MT8768: All versions

MT8786: All versions

MT8788: All versions

MT8789: All versions

MT8791: All versions

MT8797: All versions

CPE2.3 External links

http://corp.mediatek.com/product-security-bulletin/July-2022


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Out-of-bounds write

EUVDB-ID: #VU65036

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21766

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary error in CCCI. A malicious application can execute arbitrary code with elevated privileges.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

MT6580: All versions

MT6735: All versions

MT6737: All versions

MT6739: All versions

MT6753: All versions

MT6761: All versions

MT6765: All versions

MT6768: All versions

MT6771: All versions

MT6779: All versions

MT6781: All versions

MT6785: All versions

MT6833: All versions

MT6853: All versions

MT6873: All versions

MT6877: All versions

MT6879: All versions

MT6883: All versions

MT6885: All versions

MT6889: All versions

MT6893: All versions

MT6895: All versions

MT6983: All versions

MT8321: All versions

MT8666: All versions

MT8667: All versions

MT8675: All versions

MT8765: All versions

MT8766: All versions

MT8768: All versions

MT8786: All versions

MT8788: All versions

MT8789: All versions

MT8791: All versions

MT8797: All versions

CPE2.3 External links

http://corp.mediatek.com/product-security-bulletin/July-2022


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) Out-of-bounds write

EUVDB-ID: #VU65034

Risk: Low

CVSSv3.1: 6.1 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21765

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary error in CCCI. A malicious application can execute arbitrary code with elevated privileges.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

MT6580: All versions

MT6735: All versions

MT6737: All versions

MT6739: All versions

MT6753: All versions

MT6761: All versions

MT6765: All versions

MT6768: All versions

MT6771: All versions

MT6779: All versions

MT6781: All versions

MT6785: All versions

MT6833: All versions

MT6853: All versions

MT6873: All versions

MT6877: All versions

MT6879: All versions

MT6883: All versions

MT6885: All versions

MT6889: All versions

MT6893: All versions

MT6895: All versions

MT6983: All versions

MT8321: All versions

MT8666: All versions

MT8667: All versions

MT8675: All versions

MT8765: All versions

MT8766: All versions

MT8768: All versions

MT8786: All versions

MT8788: All versions

MT8789: All versions

MT8791: All versions

MT8797: All versions

CPE2.3 External links

http://corp.mediatek.com/product-security-bulletin/July-2022


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Heap-based buffer overflow

EUVDB-ID: #VU65032

Risk: Low

CVSSv3.1: 5.9 [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21768

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows an attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within Bluetooth implementation. A remote attacker with physical proximity to device can trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

MT8167S: All versions

MT8175: All versions

MT8183: All versions

MT8362A: All versions

MT8365: All versions

MT8385: All versions

CPE2.3 External links

http://corp.mediatek.com/product-security-bulletin/July-2022


Q & A

Can this vulnerability be exploited remotely?

No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) Heap-based buffer overflow

EUVDB-ID: #VU65031

Risk: Low

CVSSv3.1: 5.9 [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21767

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows an attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within Bluetooth implementation. A remote attacker with physical proximity to device can trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

MT8167: All versions

MT8175: All versions

MT8183: All versions

MT8362A: All versions

MT8365: All versions

MT8385: All versions

CPE2.3 External links

http://corp.mediatek.com/product-security-bulletin/July-2022


Q & A

Can this vulnerability be exploited remotely?

No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) Out-of-bounds write

EUVDB-ID: #VU65030

Risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-20083

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error in Modem 2G/3G CC when decoding combined FACILITY. A remote attacker can send specially crafted packets to the device, trigger an out-of-bounds write and execute arbitrary code on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

MT2731: All versions

MT2735: All versions

MT6297: All versions

MT6725: All versions

MT6735: All versions

MT6737: All versions

MT6739: All versions

MT6750: All versions

MT6750S: All versions

MT6755: All versions

MT6757: All versions

MT6757P: All versions

MT6758: All versions

MT6761: All versions

MT6762: All versions

MT6762D: All versions

MT6762M: All versions

MT6763: All versions

MT6765: All versions

MT6765T: All versions

MT6767: All versions

MT6768: All versions

MT6769: All versions

MT6769T: All versions

MT6769Z: All versions

MT6771: All versions

MT6775: All versions

MT6779: All versions

MT6781: All versions

MT6783: All versions

MT6785: All versions

MT6785T: All versions

MT6789: All versions

MT6797: All versions

MT6799: All versions

MT6833: All versions

MT6853: All versions

MT6855: All versions

MT6873: All versions

MT6875: All versions

MT6877: All versions

MT6879: All versions

MT6880: All versions

MT6883: All versions

MT6885: All versions

MT6889: All versions

MT6890: All versions

MT6891: All versions

MT6893: All versions

MT6895: All versions

MT6983: All versions

MT8666: All versions

MT8667: All versions

MT8675: All versions

MT8735A: All versions

MT8735B: All versions

MT8765: All versions

MT8766: All versions

MT8768: All versions

MT8771: All versions

MT8781: All versions

MT8786: All versions

MT8788: All versions

MT8789: All versions

MT8791: All versions

MT8797: All versions

CPE2.3 External links

http://corp.mediatek.com/product-security-bulletin/July-2022


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

25) Out-of-bounds write

EUVDB-ID: #VU65029

Risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21744

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted input in Modem 2G RR when decoding GPRS Packet Neighbour Cell Data (PNCD). A remote attacker can send specially crafted packets to the device, trigger an out-of-bounds write and execute arbitrary code on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

MT2731: All versions

MT2735: All versions

MT6297: All versions

MT6725: All versions

MT6735: All versions

MT6737: All versions

MT6739: All versions

MT6750: All versions

MT6750S: All versions

MT6755: All versions

MT6757: All versions

MT6757P: All versions

MT6758: All versions

MT6761: All versions

MT6762: All versions

MT6762D: All versions

MT6762M: All versions

MT6763: All versions

MT6765: All versions

MT6765T: All versions

MT6767: All versions

MT6768: All versions

MT6769: All versions

MT6769T: All versions

MT6769Z: All versions

MT6771: All versions

MT6775: All versions

MT6779: All versions

MT6781: All versions

MT6783: All versions

MT6785: All versions

MT6785T: All versions

MT6789: All versions

MT6797: All versions

MT6799: All versions

MT6833: All versions

MT6853: All versions

MT6855: All versions

MT6873: All versions

MT6875: All versions

MT6877: All versions

MT6879: All versions

MT6880: All versions

MT6883: All versions

MT6885: All versions

MT6889: All versions

MT6890: All versions

MT6891: All versions

MT6893: All versions

MT6895: All versions

MT6983: All versions

MT8666: All versions

MT8667: All versions

MT8675: All versions

MT8735A: All versions

MT8735B: All versions

MT8765: All versions

MT8766: All versions

MT8768: All versions

MT8771: All versions

MT8781: All versions

MT8786: All versions

MT8788: All versions

MT8789: All versions

MT8791: All versions

MT8797: All versions

CPE2.3 External links

http://corp.mediatek.com/product-security-bulletin/July-2022


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

26) Improper access control

EUVDB-ID: #VU65028

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21764

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to improper access restrictions in telecom service. A local application can obtain potentially sensitive information.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

MT6739: All versions

MT6761: All versions

MT6762: All versions

MT6763: All versions

MT6765: All versions

MT6768: All versions

MT6769: All versions

MT6771: All versions

MT6779: All versions

MT6781: All versions

MT6785: All versions

MT6789: All versions

MT6795: All versions

MT6797: All versions

MT6799: All versions

MT6833: All versions

MT6853: All versions

MT6853T: All versions

MT6873: All versions

MT6875: All versions

MT6877: All versions

MT6879: All versions

MT6880: All versions

MT6883: All versions

MT6885: All versions

MT6889: All versions

MT6890: All versions

MT6891: All versions

MT6893: All versions

MT6895: All versions

MT6983: All versions

MT6985: All versions

MT8321: All versions

MT8666: All versions

MT8667: All versions

MT8675: All versions

MT8765: All versions

MT8766: All versions

MT8768: All versions

MT8786: All versions

MT8788: All versions

MT8789: All versions

MT8791: All versions

MT8797: All versions

CPE2.3 External links

http://corp.mediatek.com/product-security-bulletin/July-2022


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

27) Improper access control

EUVDB-ID: #VU65027

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21763

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to improper access restrictions in telecom service. A local application can obtain potentially sensitive information.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

MT6739: All versions

MT6761: All versions

MT6762: All versions

MT6763: All versions

MT6765: All versions

MT6768: All versions

MT6769: All versions

MT6771: All versions

MT6779: All versions

MT6781: All versions

MT6785: All versions

MT6789: All versions

MT6795: All versions

MT6797: All versions

MT6799: All versions

MT6833: All versions

MT6853: All versions

MT6853T: All versions

MT6873: All versions

MT6875: All versions

MT6877: All versions

MT6879: All versions

MT6880: All versions

MT6883: All versions

MT6885: All versions

MT6889: All versions

MT6890: All versions

MT6891: All versions

MT6893: All versions

MT6895: All versions

MT6983: All versions

MT6985: All versions

MT8321: All versions

MT8666: All versions

MT8667: All versions

MT8675: All versions

MT8765: All versions

MT8766: All versions

MT8768: All versions

MT8786: All versions

MT8788: All versions

MT8789: All versions

MT8791: All versions

MT8797: All versions

CPE2.3 External links

http://corp.mediatek.com/product-security-bulletin/July-2022


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###