Out-of-bounds write in MediaTek products - CVE-2022-26438
Published: August 3, 2022
Vulnerability identifier: #VU66054
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2022-26438
CWE-ID: CWE-787
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: MediaTek
Affected software:
MT7603
MT7610
MT7612
MT7613
MT7615
MT7620
MT7622
MT7628
MT7629
MT7915
MT7916
MT7986
MT8981
MT7603
MT7610
MT7612
MT7613
MT7615
MT7620
MT7622
MT7628
MT7629
MT7915
MT7916
MT7986
MT8981
Detailed vulnerability description
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a boundary error within the wifi driver. A local application can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.
How to mitigate CVE-2022-26438
Install updates from vendor's website.