#VU66964 Improper Handling of Exceptional Conditions in MediaTek Mobile applications


Published: 2022-09-05

Vulnerability identifier: #VU66964

Vulnerability risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-26455

CWE-ID:

Exploitation vector: Local

Exploit availability:

Vulnerable software:
MT6789
Mobile applications / Mobile firmware & hardware
MT6855
Mobile applications / Mobile firmware & hardware
MT6879
Mobile applications / Mobile firmware & hardware
MT6895
Mobile applications / Mobile firmware & hardware
MT6983
Mobile applications / Mobile firmware & hardware

Vendor: MediaTek

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to incorrect error handling in gz. A local user can gain elevated privileges on the target system.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

MT6789: All versions

MT6855: All versions

MT6879: All versions

MT6895: All versions

MT6983: All versions

Fixed software versions

CPE

External links
http://corp.mediatek.com/product-security-bulletin/September-2022

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?


Latest bulletins with this vulnerability


Multiple vulnerabilities in MediaTek Chipsets