Out-of-bounds read in MediaTek products - CVE-2022-32639
Published: January 3, 2023
Vulnerability identifier: #VU70633
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2022-32639
CWE-ID: CWE-125
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: MediaTek
Affected software:
MT6739
MT6768
MT6771
MT6833
MT8167
MT8167S
MT8362A
MT8385
MT8532
MT8765
MT8786
MT8791
MT6781
MT6785
MT6853
MT6873
MT6877
MT8518S
MT6739
MT6768
MT6771
MT6833
MT8167
MT8167S
MT8362A
MT8385
MT8532
MT8765
MT8786
MT8791
MT6781
MT6785
MT6853
MT6873
MT6877
MT8518S
Detailed vulnerability description
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a boundary condition within watchdog component. A local application can trigger out-of-bounds read error and escalate privileges on the system.
How to mitigate CVE-2022-32639
Install updates from vendor's website.