Integer overflow in MediaTek products - CVE-2022-21760
Published: March 7, 2023
Vulnerability identifier: #VU73098
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2022-21760
CWE-ID: CWE-190
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: MediaTek
Affected software:
MT6853
MT6853T
MT6873
MT6875
MT6877
MT6883
MT6885
MT6889
MT6891
MT6893
MT9636
MT9638
MT9666
MT6853
MT6853T
MT6873
MT6875
MT6877
MT6883
MT6885
MT6889
MT6891
MT6893
MT9636
MT9638
MT9666
Detailed vulnerability description
The vulnerability allows a local privileged application to perform service disruption.
The vulnerability exists due to an integer overflow within apusys driver. A local privileged application can perform service disruption.
How to mitigate CVE-2022-21760
Install security update from vendor's website.