Multiple vulnerabilities in MediaTek chipsets
Security Bulletin
This security bulletin contains information about 19 vulnerabilities.
1) Buffer overflow
EUVDB-ID: #VU69877
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2022-32619
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a boundary error in keyinstall. A local application can trigger memory corruption and execute arbitrary code with elevated privileges.
Install updates from vendor's website.
Vulnerable software versionsMT6580: All versions
MT6731: All versions
MT6735: All versions
MT6737: All versions
MT6739: All versions
MT6753: All versions
MT6757: All versions
MT6757C: All versions
MT6757CD: All versions
MT6757CH: All versions
MT6761: All versions
MT6762: All versions
MT6763: All versions
MT6765: All versions
MT6768: All versions
MT6769: All versions
MT6771: All versions
MT6779: All versions
MT6781: All versions
MT6785: All versions
MT6789: All versions
MT6833: All versions
MT6853: All versions
MT6853T: All versions
MT6855: All versions
MT6873: All versions
MT6875: All versions
MT6877: All versions
MT6879: All versions
MT6883: All versions
MT6885: All versions
MT6889: All versions
MT6891: All versions
MT6893: All versions
MT6895: All versions
MT6983: All versions
MT8185: All versions
MT8321: All versions
MT8385: All versions
MT8666: All versions
MT8667: All versions
MT8765: All versions
MT8766: All versions
MT8768: All versions
MT8781: All versions
MT8786: All versions
MT8788: All versions
MT8789: All versions
MT8791: All versions
MT8791T: All versions
MT8797: All versions
CPE2.3 External links
http://corp.mediatek.com/product-security-bulletin/December-2022
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
2) Out-of-bounds write
EUVDB-ID: #VU69883
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2022-32598
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a boundary error when processing untrusted input in widevine. A local application can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMT6762: All versions
MT6765: All versions
MT6768: All versions
MT6769: All versions
MT6779: All versions
MT6781: All versions
MT6785: All versions
MT6789: All versions
MT6833: All versions
MT6853: All versions
MT6853T: All versions
MT6855: All versions
MT6873: All versions
MT6875: All versions
MT6877: All versions
MT6879: All versions
MT6883: All versions
MT6885: All versions
MT6889: All versions
MT6891: All versions
MT6893: All versions
MT6895: All versions
MT8385: All versions
MT8765: All versions
MT8766: All versions
MT8768: All versions
MT8781: All versions
MT8786: All versions
MT8788: All versions
MT8789: All versions
MT8791: All versions
MT8797: All versions
CPE2.3 External links
http://corp.mediatek.com/product-security-bulletin/December-2022
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
3) Out-of-bounds write
EUVDB-ID: #VU69882
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2022-32597
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a boundary error when processing untrusted input in widevine. A local application can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMT6762: All versions
MT6765: All versions
MT6768: All versions
MT6769: All versions
MT6779: All versions
MT6781: All versions
MT6785: All versions
MT6789: All versions
MT6833: All versions
MT6853: All versions
MT6853T: All versions
MT6855: All versions
MT6873: All versions
MT6875: All versions
MT6877: All versions
MT6879: All versions
MT6883: All versions
MT6885: All versions
MT6889: All versions
MT6891: All versions
MT6893: All versions
MT6895: All versions
MT8385: All versions
MT8765: All versions
MT8766: All versions
MT8768: All versions
MT8781: All versions
MT8786: All versions
MT8788: All versions
MT8789: All versions
MT8791: All versions
MT8797: All versions
CPE2.3 External links
http://corp.mediatek.com/product-security-bulletin/December-2022
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
4) Out-of-bounds write
EUVDB-ID: #VU69881
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2022-32594
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a boundary error when processing untrusted input in widevine. A local application can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMT6762: All versions
MT6765: All versions
MT6768: All versions
MT6769: All versions
MT6779: All versions
MT6781: All versions
MT6785: All versions
MT6789: All versions
MT6833: All versions
MT6853: All versions
MT6853T: All versions
MT6855: All versions
MT6873: All versions
MT6875: All versions
MT6877: All versions
MT6879: All versions
MT6883: All versions
MT6885: All versions
MT6889: All versions
MT6891: All versions
MT6893: All versions
MT6895: All versions
MT8385: All versions
MT8765: All versions
MT8766: All versions
MT8768: All versions
MT8781: All versions
MT8786: All versions
MT8788: All versions
MT8789: All versions
MT8791: All versions
MT8797: All versions
CPE2.3 External links
http://corp.mediatek.com/product-security-bulletin/December-2022
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
5) Out-of-bounds write
EUVDB-ID: #VU69888
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2022-32596
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a boundary error when processing untrusted input in widevine. A local application can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMT6762: All versions
MT6765: All versions
MT6768: All versions
MT6769: All versions
MT6779: All versions
MT6781: All versions
MT6785: All versions
MT6789: All versions
MT6833: All versions
MT6853: All versions
MT6853T: All versions
MT6855: All versions
MT6873: All versions
MT6875: All versions
MT6877: All versions
MT6879: All versions
MT6883: All versions
MT6885: All versions
MT6889: All versions
MT6891: All versions
MT6893: All versions
MT6895: All versions
MT8385: All versions
MT8765: All versions
MT8766: All versions
MT8768: All versions
MT8781: All versions
MT8786: All versions
MT8788: All versions
MT8789: All versions
MT8791: All versions
MT8797: All versions
CPE2.3 External links
http://corp.mediatek.com/product-security-bulletin/December-2022
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
6) Buffer overflow
EUVDB-ID: #VU69889
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2022-32620
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a boundary error within mpu. A local application can trigger memory corruption and execute arbitrary code with elevated privileges.
Install updates from vendor's website.
Vulnerable software versionsMT6781: All versions
MT6789: All versions
MT6833: All versions
MT6853: All versions
MT6873: All versions
MT6877: All versions
MT8781: All versions
MT8791: All versions
CPE2.3 External links
http://corp.mediatek.com/product-security-bulletin/December-2022
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
7) Out-of-bounds read
EUVDB-ID: #VU69890
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2022-32595
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within widevine. A local application can trigger an out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMT6762: All versions
MT6765: All versions
MT6768: All versions
MT6769: All versions
MT6779: All versions
MT6781: All versions
MT6785: All versions
MT6789: All versions
MT6833: All versions
MT6853: All versions
MT6853T: All versions
MT6855: All versions
MT6873: All versions
MT6875: All versions
MT6877: All versions
MT6879: All versions
MT6883: All versions
MT6885: All versions
MT6889: All versions
MT6891: All versions
MT6893: All versions
MT6895: All versions
MT8385: All versions
MT8765: All versions
MT8766: All versions
MT8768: All versions
MT8781: All versions
MT8786: All versions
MT8788: All versions
MT8789: All versions
MT8791: All versions
MT8797: All versions
CPE2.3 External links
http://corp.mediatek.com/product-security-bulletin/December-2022
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
8) Race condition
EUVDB-ID: #VU69892
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2022-32621
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a race condition within isp component. A local application can exploit the race and escalate privileges on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMT6895: All versions
MT6983: All versions
CPE2.3 External links
http://corp.mediatek.com/product-security-bulletin/December-2022
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
9) Buffer overflow
EUVDB-ID: #VU69893
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2022-32622
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
Install updates from vendor's website.
Vulnerable software versionsMT6789: All versions
MT6855: All versions
MT6879: All versions
MT6895: All versions
MT6983: All versions
MT8781: All versions
CPE2.3 External links
http://corp.mediatek.com/product-security-bulletin/December-2022
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
10) Buffer overflow
EUVDB-ID: #VU69894
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2022-32624
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
Install updates from vendor's website.
Vulnerable software versionsMT6789: All versions
MT6855: All versions
MT6895: All versions
MT6983: All versions
MT8168: All versions
MT8365: All versions
MT8781: All versions
CPE2.3 External links
http://corp.mediatek.com/product-security-bulletin/December-2022
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
11) Out-of-bounds write
EUVDB-ID: #VU69895
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2022-32625
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a boundary error when processing untrusted input in display. A local application can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMT6761: All versions
MT6765: All versions
MT6768: All versions
MT6779: All versions
MT6781: All versions
MT6785: All versions
MT6789: All versions
MT6833: All versions
MT6853: All versions
MT6855: All versions
MT6873: All versions
MT6877: All versions
MT6879: All versions
MT6883: All versions
MT6885: All versions
MT6889: All versions
MT6893: All versions
MT6895: All versions
MT6983: All versions
MT8168: All versions
MT8365: All versions
MT8675: All versions
MT8766: All versions
MT8781: All versions
MT8791: All versions
CPE2.3 External links
http://corp.mediatek.com/product-security-bulletin/December-2022
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
12) Out-of-bounds write
EUVDB-ID: #VU69896
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2022-32626
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a boundary error when processing untrusted input in display. A local application can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMT6761: All versions
MT6765: All versions
MT6768: All versions
MT6779: All versions
MT6781: All versions
MT6785: All versions
MT6789: All versions
MT6833: All versions
MT6853: All versions
MT6855: All versions
MT6873: All versions
MT6877: All versions
MT6879: All versions
MT6883: All versions
MT6885: All versions
MT6889: All versions
MT6893: All versions
MT6895: All versions
MT6983: All versions
MT8168: All versions
MT8365: All versions
MT8766: All versions
MT8781: All versions
MT8791: All versions
CPE2.3 External links
http://corp.mediatek.com/product-security-bulletin/December-2022
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
13) Out-of-bounds write
EUVDB-ID: #VU69897
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2022-32628
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a boundary error when processing untrusted input in isp. A local application can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMT6833: All versions
MT6853: All versions
MT6855: All versions
MT6873: All versions
MT6877: All versions
MT6893: All versions
MT8791: All versions
CPE2.3 External links
http://corp.mediatek.com/product-security-bulletin/December-2022
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
14) Out-of-bounds write
EUVDB-ID: #VU69898
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2022-32629
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a boundary error when processing untrusted input in isp. A local application can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMT6833: All versions
MT6853: All versions
MT6855: All versions
MT6873: All versions
MT6877: All versions
MT6893: All versions
MT8791: All versions
CPE2.3 External links
http://corp.mediatek.com/product-security-bulletin/December-2022
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
15) Stack-based buffer overflow
EUVDB-ID: #VU69899
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2022-32630
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a boundary error in throttling component. A local application can trigger a stack-based buffer overflow and execute arbitrary code with elevated privileges.
Install updates from vendor's website.
Vulnerable software versionsMT6789: All versions
MT6855: All versions
MT6895: All versions
MT6983: All versions
MT8781: All versions
CPE2.3 External links
http://corp.mediatek.com/product-security-bulletin/December-2022
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
16) Out-of-bounds write
EUVDB-ID: #VU69900
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2022-32631
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a boundary error when processing untrusted input within the Wi-Fi subsystem. A local application can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMT6580: All versions
MT6739: All versions
MT6761: All versions
MT6765: All versions
MT6768: All versions
MT6771: All versions
MT6779: All versions
MT6781: All versions
MT6785: All versions
MT6789: All versions
MT6833: All versions
MT6853: All versions
MT6873: All versions
MT6877: All versions
MT6879: All versions
MT6883: All versions
MT6895: All versions
MT6983: All versions
MT8168: All versions
MT8365: All versions
MT8385: All versions
MT8666: All versions
MT8667: All versions
MT8675: All versions
MT8766: All versions
MT8768: All versions
MT8781: All versions
MT8786: All versions
MT8788: All versions
MT8789: All versions
MT8791: All versions
MT8797: All versions
CPE2.3 External links
http://corp.mediatek.com/product-security-bulletin/December-2022
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
17) Out-of-bounds write
EUVDB-ID: #VU69901
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2022-32632
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a boundary error when processing untrusted input within the Wi-Fi subsystem. A local application can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMT6580: All versions
MT6735: All versions
MT6765: All versions
MT6768: All versions
MT6771: All versions
MT6779: All versions
MT6785: All versions
MT6833: All versions
MT6853: All versions
MT6873: All versions
MT6877: All versions
MT6885: All versions
MT6983: All versions
MT7663: All versions
MT7668: All versions
MT7902: All versions
MT7921: All versions
MT7933: All versions
MT8168: All versions
MT8365: All versions
MT8518: All versions
MT8532: All versions
MT8666: All versions
MT8667: All versions
MT8675: All versions
MT8695: All versions
MT8696: All versions
MT8766: All versions
MT8768: All versions
MT8786: All versions
MT8789: All versions
MT8791: All versions
MT8797: All versions
CPE2.3 External links
http://corp.mediatek.com/product-security-bulletin/December-2022
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
18) Incorrect Use of Privileged APIs
EUVDB-ID: #VU69902
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2022-32633
CWE-ID:
CWE-648 - Incorrect Use of Privileged APIs
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a logic error within the Wi-Fi subsystem. A local application can gain unauthorized access to memory and escalate privileges on the system.
Install updates from vendor's website.
Vulnerable software versionsMT6580: All versions
MT6739: All versions
MT6761: All versions
MT6762: All versions
MT6765: All versions
MT6768: All versions
MT6769: All versions
MT6771: All versions
MT6779: All versions
MT6781: All versions
MT6785: All versions
MT6789: All versions
MT6833: All versions
MT6853: All versions
MT6855: All versions
MT6873: All versions
MT6875: All versions
MT6877: All versions
MT6879: All versions
MT6883: All versions
MT6885: All versions
MT6889: All versions
MT6891: All versions
MT6893: All versions
MT6895: All versions
MT6983: All versions
MT7902: All versions
MT7921: All versions
MT8167S: All versions
MT8168: All versions
MT8175: All versions
MT8183: All versions
MT8185: All versions
MT8362A: All versions
MT8365: All versions
MT8385: All versions
MT8518: All versions
MT8532: All versions
MT8675: All versions
MT8695: All versions
MT8696: All versions
MT8766: All versions
MT8768: All versions
MT8786: All versions
MT8788: All versions
MT8789: All versions
MT8791: All versions
MT8797: All versions
CPE2.3 External links
http://corp.mediatek.com/product-security-bulletin/December-2022
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
19) Out-of-bounds write
EUVDB-ID: #VU69903
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2022-32634
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a boundary error when processing untrusted input within the ccci component. A local application can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMT6761: All versions
MT6765: All versions
MT6768: All versions
MT6779: All versions
MT6781: All versions
MT6785: All versions
MT6833: All versions
MT6853: All versions
MT6855: All versions
MT6873: All versions
MT6877: All versions
MT6879: All versions
MT6883: All versions
MT6885: All versions
MT6889: All versions
MT6893: All versions
MT6895: All versions
MT6983: All versions
MT8321: All versions
MT8385: All versions
MT8666: All versions
MT8675: All versions
MT8765: All versions
MT8766: All versions
MT8768: All versions
MT8786: All versions
MT8788: All versions
MT8789: All versions
MT8791: All versions
MT8797: All versions
CPE2.3 External links
http://corp.mediatek.com/product-security-bulletin/December-2022
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
