Multiple vulnerabilities in MediaTek chipsets



Published: 2022-12-05
Risk Low
Patch available YES
Number of vulnerabilities 19
CVE-ID CVE-2022-32619
CVE-2022-32598
CVE-2022-32597
CVE-2022-32594
CVE-2022-32596
CVE-2022-32620
CVE-2022-32595
CVE-2022-32621
CVE-2022-32622
CVE-2022-32624
CVE-2022-32625
CVE-2022-32626
CVE-2022-32628
CVE-2022-32629
CVE-2022-32630
CVE-2022-32631
CVE-2022-32632
CVE-2022-32633
CVE-2022-32634
CWE-ID CWE-119
CWE-787
CWE-125
CWE-362
CWE-121
CWE-648
Exploitation vector Local
Public exploit N/A
Vulnerable software
Subscribe
MT6580
Mobile applications / Mobile firmware & hardware

MT6731
Mobile applications / Mobile firmware & hardware

MT6735
Mobile applications / Mobile firmware & hardware

MT6737
Mobile applications / Mobile firmware & hardware

MT6739
Mobile applications / Mobile firmware & hardware

MT6753
Mobile applications / Mobile firmware & hardware

MT6757
Mobile applications / Mobile firmware & hardware

MT6757C
Mobile applications / Mobile firmware & hardware

MT6757CD
Mobile applications / Mobile firmware & hardware

MT6757CH
Mobile applications / Mobile firmware & hardware

MT6761
Mobile applications / Mobile firmware & hardware

MT6762
Mobile applications / Mobile firmware & hardware

MT6763
Mobile applications / Mobile firmware & hardware

MT6765
Mobile applications / Mobile firmware & hardware

MT6768
Mobile applications / Mobile firmware & hardware

MT6769
Mobile applications / Mobile firmware & hardware

MT6771
Mobile applications / Mobile firmware & hardware

MT6789
Mobile applications / Mobile firmware & hardware

MT6833
Mobile applications / Mobile firmware & hardware

MT6855
Mobile applications / Mobile firmware & hardware

MT6879
Mobile applications / Mobile firmware & hardware

MT6895
Mobile applications / Mobile firmware & hardware

MT6983
Mobile applications / Mobile firmware & hardware

MT8185
Mobile applications / Mobile firmware & hardware

MT8321
Mobile applications / Mobile firmware & hardware

MT8385
Mobile applications / Mobile firmware & hardware

MT8666
Mobile applications / Mobile firmware & hardware

MT8667
Mobile applications / Mobile firmware & hardware

MT8765
Mobile applications / Mobile firmware & hardware

MT8766
Mobile applications / Mobile firmware & hardware

MT8768
Mobile applications / Mobile firmware & hardware

MT8781
Mobile applications / Mobile firmware & hardware

MT8786
Mobile applications / Mobile firmware & hardware

MT8788
Mobile applications / Mobile firmware & hardware

MT8789
Mobile applications / Mobile firmware & hardware

MT8791
Mobile applications / Mobile firmware & hardware

MT8791T
Mobile applications / Mobile firmware & hardware

MT8168
Mobile applications / Mobile firmware & hardware

MT8365
Mobile applications / Mobile firmware & hardware

MT8675
Mobile applications / Mobile firmware & hardware

MT7663
Mobile applications / Mobile firmware & hardware

MT7668
Mobile applications / Mobile firmware & hardware

MT7902
Mobile applications / Mobile firmware & hardware

MT7921
Mobile applications / Mobile firmware & hardware

MT7933
Mobile applications / Mobile firmware & hardware

MT8518
Mobile applications / Mobile firmware & hardware

MT8532
Mobile applications / Mobile firmware & hardware

MT8695
Mobile applications / Mobile firmware & hardware

MT8696
Mobile applications / Mobile firmware & hardware

MT8167S
Mobile applications / Mobile firmware & hardware

MT8175
Mobile applications / Mobile firmware & hardware

MT8183
Mobile applications / Mobile firmware & hardware

MT8362A
Mobile applications / Mobile firmware & hardware

MT6779
Hardware solutions / Firmware

MT6781
Hardware solutions / Firmware

MT6785
Hardware solutions / Firmware

MT6853
Hardware solutions / Firmware

MT6853T
Hardware solutions / Firmware

MT6873
Hardware solutions / Firmware

MT6875
Hardware solutions / Firmware

MT6877
Hardware solutions / Firmware

MT6883
Hardware solutions / Firmware

MT6885
Hardware solutions / Firmware

MT6889
Hardware solutions / Firmware

MT6891
Hardware solutions / Firmware

MT6893
Hardware solutions / Firmware

MT8797
Hardware solutions / Firmware

Vendor MediaTek

Security Bulletin

This security bulletin contains information about 19 vulnerabilities.

1) Buffer overflow

EUVDB-ID: #VU69877

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-32619

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary error in keyinstall. A local application can trigger memory corruption and execute arbitrary code with elevated privileges.


Mitigation

Install updates from vendor's website.

Vulnerable software versions

MT6580: All versions

MT6731: All versions

MT6735: All versions

MT6737: All versions

MT6739: All versions

MT6753: All versions

MT6757: All versions

MT6757C: All versions

MT6757CD: All versions

MT6757CH: All versions

MT6761: All versions

MT6762: All versions

MT6763: All versions

MT6765: All versions

MT6768: All versions

MT6769: All versions

MT6771: All versions

MT6779: All versions

MT6781: All versions

MT6785: All versions

MT6789: All versions

MT6833: All versions

MT6853: All versions

MT6853T: All versions

MT6855: All versions

MT6873: All versions

MT6875: All versions

MT6877: All versions

MT6879: All versions

MT6883: All versions

MT6885: All versions

MT6889: All versions

MT6891: All versions

MT6893: All versions

MT6895: All versions

MT6983: All versions

MT8185: All versions

MT8321: All versions

MT8385: All versions

MT8666: All versions

MT8667: All versions

MT8765: All versions

MT8766: All versions

MT8768: All versions

MT8781: All versions

MT8786: All versions

MT8788: All versions

MT8789: All versions

MT8791: All versions

MT8791T: All versions

MT8797: All versions


CPE2.3 External links

http://corp.mediatek.com/product-security-bulletin/December-2022

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

2) Out-of-bounds write

EUVDB-ID: #VU69883

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-32598

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary error when processing untrusted input in widevine. A local application can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

MT6762: All versions

MT6765: All versions

MT6768: All versions

MT6769: All versions

MT6779: All versions

MT6781: All versions

MT6785: All versions

MT6789: All versions

MT6833: All versions

MT6853: All versions

MT6853T: All versions

MT6855: All versions

MT6873: All versions

MT6875: All versions

MT6877: All versions

MT6879: All versions

MT6883: All versions

MT6885: All versions

MT6889: All versions

MT6891: All versions

MT6893: All versions

MT6895: All versions

MT8385: All versions

MT8765: All versions

MT8766: All versions

MT8768: All versions

MT8781: All versions

MT8786: All versions

MT8788: All versions

MT8789: All versions

MT8791: All versions

MT8797: All versions


CPE2.3 External links

http://corp.mediatek.com/product-security-bulletin/December-2022

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

3) Out-of-bounds write

EUVDB-ID: #VU69882

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-32597

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary error when processing untrusted input in widevine. A local application can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

MT6762: All versions

MT6765: All versions

MT6768: All versions

MT6769: All versions

MT6779: All versions

MT6781: All versions

MT6785: All versions

MT6789: All versions

MT6833: All versions

MT6853: All versions

MT6853T: All versions

MT6855: All versions

MT6873: All versions

MT6875: All versions

MT6877: All versions

MT6879: All versions

MT6883: All versions

MT6885: All versions

MT6889: All versions

MT6891: All versions

MT6893: All versions

MT6895: All versions

MT8385: All versions

MT8765: All versions

MT8766: All versions

MT8768: All versions

MT8781: All versions

MT8786: All versions

MT8788: All versions

MT8789: All versions

MT8791: All versions

MT8797: All versions


CPE2.3 External links

http://corp.mediatek.com/product-security-bulletin/December-2022

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

4) Out-of-bounds write

EUVDB-ID: #VU69881

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-32594

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary error when processing untrusted input in widevine. A local application can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

MT6762: All versions

MT6765: All versions

MT6768: All versions

MT6769: All versions

MT6779: All versions

MT6781: All versions

MT6785: All versions

MT6789: All versions

MT6833: All versions

MT6853: All versions

MT6853T: All versions

MT6855: All versions

MT6873: All versions

MT6875: All versions

MT6877: All versions

MT6879: All versions

MT6883: All versions

MT6885: All versions

MT6889: All versions

MT6891: All versions

MT6893: All versions

MT6895: All versions

MT8385: All versions

MT8765: All versions

MT8766: All versions

MT8768: All versions

MT8781: All versions

MT8786: All versions

MT8788: All versions

MT8789: All versions

MT8791: All versions

MT8797: All versions


CPE2.3 External links

http://corp.mediatek.com/product-security-bulletin/December-2022

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

5) Out-of-bounds write

EUVDB-ID: #VU69888

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-32596

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary error when processing untrusted input in widevine. A local application can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

MT6762: All versions

MT6765: All versions

MT6768: All versions

MT6769: All versions

MT6779: All versions

MT6781: All versions

MT6785: All versions

MT6789: All versions

MT6833: All versions

MT6853: All versions

MT6853T: All versions

MT6855: All versions

MT6873: All versions

MT6875: All versions

MT6877: All versions

MT6879: All versions

MT6883: All versions

MT6885: All versions

MT6889: All versions

MT6891: All versions

MT6893: All versions

MT6895: All versions

MT8385: All versions

MT8765: All versions

MT8766: All versions

MT8768: All versions

MT8781: All versions

MT8786: All versions

MT8788: All versions

MT8789: All versions

MT8791: All versions

MT8797: All versions


CPE2.3 External links

http://corp.mediatek.com/product-security-bulletin/December-2022

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

6) Buffer overflow

EUVDB-ID: #VU69889

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-32620

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary error within mpu. A local application can trigger memory corruption and execute arbitrary code with elevated privileges.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

MT6781: All versions

MT6789: All versions

MT6833: All versions

MT6853: All versions

MT6873: All versions

MT6877: All versions

MT8781: All versions

MT8791: All versions


CPE2.3 External links

http://corp.mediatek.com/product-security-bulletin/December-2022

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

7) Out-of-bounds read

EUVDB-ID: #VU69890

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-32595

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local application to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition within widevine. A local application can trigger an out-of-bounds read error and read contents of memory on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

MT6762: All versions

MT6765: All versions

MT6768: All versions

MT6769: All versions

MT6779: All versions

MT6781: All versions

MT6785: All versions

MT6789: All versions

MT6833: All versions

MT6853: All versions

MT6853T: All versions

MT6855: All versions

MT6873: All versions

MT6875: All versions

MT6877: All versions

MT6879: All versions

MT6883: All versions

MT6885: All versions

MT6889: All versions

MT6891: All versions

MT6893: All versions

MT6895: All versions

MT8385: All versions

MT8765: All versions

MT8766: All versions

MT8768: All versions

MT8781: All versions

MT8786: All versions

MT8788: All versions

MT8789: All versions

MT8791: All versions

MT8797: All versions


CPE2.3 External links

http://corp.mediatek.com/product-security-bulletin/December-2022

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

8) Race condition

EUVDB-ID: #VU69892

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-32621

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a race condition within isp component. A local application can exploit the race and escalate privileges on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

MT6895: All versions

MT6983: All versions


CPE2.3 External links

http://corp.mediatek.com/product-security-bulletin/December-2022

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

9) Buffer overflow

EUVDB-ID: #VU69893

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-32622

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary error within the gz component. A local application can trigger memory corruption and execute arbitrary code with elevated privileges.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

MT6789: All versions

MT6855: All versions

MT6879: All versions

MT6895: All versions

MT6983: All versions

MT8781: All versions


CPE2.3 External links

http://corp.mediatek.com/product-security-bulletin/December-2022

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

10) Buffer overflow

EUVDB-ID: #VU69894

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-32624

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary error in throttling. A local application can trigger memory corruption and execute arbitrary code with elevated privileges.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

MT6789: All versions

MT6855: All versions

MT6895: All versions

MT6983: All versions

MT8168: All versions

MT8365: All versions

MT8781: All versions


CPE2.3 External links

http://corp.mediatek.com/product-security-bulletin/December-2022

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

11) Out-of-bounds write

EUVDB-ID: #VU69895

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-32625

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary error when processing untrusted input in display. A local application can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

MT6761: All versions

MT6765: All versions

MT6768: All versions

MT6779: All versions

MT6781: All versions

MT6785: All versions

MT6789: All versions

MT6833: All versions

MT6853: All versions

MT6855: All versions

MT6873: All versions

MT6877: All versions

MT6879: All versions

MT6883: All versions

MT6885: All versions

MT6889: All versions

MT6893: All versions

MT6895: All versions

MT6983: All versions

MT8168: All versions

MT8365: All versions

MT8675: All versions

MT8766: All versions

MT8781: All versions

MT8791: All versions


CPE2.3 External links

http://corp.mediatek.com/product-security-bulletin/December-2022

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

12) Out-of-bounds write

EUVDB-ID: #VU69896

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-32626

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary error when processing untrusted input in display. A local application can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

MT6761: All versions

MT6765: All versions

MT6768: All versions

MT6779: All versions

MT6781: All versions

MT6785: All versions

MT6789: All versions

MT6833: All versions

MT6853: All versions

MT6855: All versions

MT6873: All versions

MT6877: All versions

MT6879: All versions

MT6883: All versions

MT6885: All versions

MT6889: All versions

MT6893: All versions

MT6895: All versions

MT6983: All versions

MT8168: All versions

MT8365: All versions

MT8766: All versions

MT8781: All versions

MT8791: All versions


CPE2.3 External links

http://corp.mediatek.com/product-security-bulletin/December-2022

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

13) Out-of-bounds write

EUVDB-ID: #VU69897

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-32628

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary error when processing untrusted input in isp. A local application can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

MT6833: All versions

MT6853: All versions

MT6855: All versions

MT6873: All versions

MT6877: All versions

MT6893: All versions

MT8791: All versions


CPE2.3 External links

http://corp.mediatek.com/product-security-bulletin/December-2022

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

14) Out-of-bounds write

EUVDB-ID: #VU69898

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-32629

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary error when processing untrusted input in isp. A local application can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

MT6833: All versions

MT6853: All versions

MT6855: All versions

MT6873: All versions

MT6877: All versions

MT6893: All versions

MT8791: All versions


CPE2.3 External links

http://corp.mediatek.com/product-security-bulletin/December-2022

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

15) Stack-based buffer overflow

EUVDB-ID: #VU69899

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-32630

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary error in throttling component. A local application can trigger a stack-based buffer overflow and execute arbitrary code with elevated privileges.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

MT6789: All versions

MT6855: All versions

MT6895: All versions

MT6983: All versions

MT8781: All versions


CPE2.3 External links

http://corp.mediatek.com/product-security-bulletin/December-2022

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

16) Out-of-bounds write

EUVDB-ID: #VU69900

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-32631

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary error when processing untrusted input within the Wi-Fi subsystem. A local application can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

MT6580: All versions

MT6739: All versions

MT6761: All versions

MT6765: All versions

MT6768: All versions

MT6771: All versions

MT6779: All versions

MT6781: All versions

MT6785: All versions

MT6789: All versions

MT6833: All versions

MT6853: All versions

MT6873: All versions

MT6877: All versions

MT6879: All versions

MT6883: All versions

MT6895: All versions

MT6983: All versions

MT8168: All versions

MT8365: All versions

MT8385: All versions

MT8666: All versions

MT8667: All versions

MT8675: All versions

MT8766: All versions

MT8768: All versions

MT8781: All versions

MT8786: All versions

MT8788: All versions

MT8789: All versions

MT8791: All versions

MT8797: All versions


CPE2.3 External links

http://corp.mediatek.com/product-security-bulletin/December-2022

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

17) Out-of-bounds write

EUVDB-ID: #VU69901

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-32632

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary error when processing untrusted input within the Wi-Fi subsystem. A local application can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

MT6580: All versions

MT6735: All versions

MT6765: All versions

MT6768: All versions

MT6771: All versions

MT6779: All versions

MT6785: All versions

MT6833: All versions

MT6853: All versions

MT6873: All versions

MT6877: All versions

MT6885: All versions

MT6983: All versions

MT7663: All versions

MT7668: All versions

MT7902: All versions

MT7921: All versions

MT7933: All versions

MT8168: All versions

MT8365: All versions

MT8518: All versions

MT8532: All versions

MT8666: All versions

MT8667: All versions

MT8675: All versions

MT8695: All versions

MT8696: All versions

MT8766: All versions

MT8768: All versions

MT8786: All versions

MT8789: All versions

MT8791: All versions

MT8797: All versions


CPE2.3 External links

http://corp.mediatek.com/product-security-bulletin/December-2022

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

18) Incorrect Use of Privileged APIs

EUVDB-ID: #VU69902

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-32633

CWE-ID: CWE-648 - Incorrect Use of Privileged APIs

Exploit availability: No

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a logic error within the Wi-Fi subsystem. A local application can gain unauthorized access to memory and escalate privileges on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

MT6580: All versions

MT6739: All versions

MT6761: All versions

MT6762: All versions

MT6765: All versions

MT6768: All versions

MT6769: All versions

MT6771: All versions

MT6779: All versions

MT6781: All versions

MT6785: All versions

MT6789: All versions

MT6833: All versions

MT6853: All versions

MT6855: All versions

MT6873: All versions

MT6875: All versions

MT6877: All versions

MT6879: All versions

MT6883: All versions

MT6885: All versions

MT6889: All versions

MT6891: All versions

MT6893: All versions

MT6895: All versions

MT6983: All versions

MT7902: All versions

MT7921: All versions

MT8167S: All versions

MT8168: All versions

MT8175: All versions

MT8183: All versions

MT8185: All versions

MT8362A: All versions

MT8365: All versions

MT8385: All versions

MT8518: All versions

MT8532: All versions

MT8675: All versions

MT8695: All versions

MT8696: All versions

MT8766: All versions

MT8768: All versions

MT8786: All versions

MT8788: All versions

MT8789: All versions

MT8791: All versions

MT8797: All versions


CPE2.3 External links

http://corp.mediatek.com/product-security-bulletin/December-2022

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

19) Out-of-bounds write

EUVDB-ID: #VU69903

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-32634

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary error when processing untrusted input within the ccci component. A local application can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

MT6761: All versions

MT6765: All versions

MT6768: All versions

MT6779: All versions

MT6781: All versions

MT6785: All versions

MT6833: All versions

MT6853: All versions

MT6855: All versions

MT6873: All versions

MT6877: All versions

MT6879: All versions

MT6883: All versions

MT6885: All versions

MT6889: All versions

MT6893: All versions

MT6895: All versions

MT6983: All versions

MT8321: All versions

MT8385: All versions

MT8666: All versions

MT8675: All versions

MT8765: All versions

MT8766: All versions

MT8768: All versions

MT8786: All versions

MT8788: All versions

MT8789: All versions

MT8791: All versions

MT8797: All versions


CPE2.3 External links

http://corp.mediatek.com/product-security-bulletin/December-2022

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?



###SIDEBAR###