#VU66977 Out-of-bounds write in MediaTek Hardware solutions


Published: 2022-09-05

Vulnerability identifier: #VU66977

Vulnerability risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-26468

CWE-ID: CWE-787

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
MT6735
Mobile applications / Mobile firmware & hardware
MT6739
Mobile applications / Mobile firmware & hardware
MT6761
Mobile applications / Mobile firmware & hardware
MT6763
Mobile applications / Mobile firmware & hardware
MT6765
Mobile applications / Mobile firmware & hardware
MT6768
Mobile applications / Mobile firmware & hardware
MT6771
Mobile applications / Mobile firmware & hardware
MT6833
Mobile applications / Mobile firmware & hardware
MT6855
Mobile applications / Mobile firmware & hardware
MT6879
Mobile applications / Mobile firmware & hardware
MT6895
Mobile applications / Mobile firmware & hardware
MT6983
Mobile applications / Mobile firmware & hardware
MT8163
Mobile applications / Mobile firmware & hardware
MT8167
Mobile applications / Mobile firmware & hardware
MT8167S
Mobile applications / Mobile firmware & hardware
MT8168
Mobile applications / Mobile firmware & hardware
MT8173
Mobile applications / Mobile firmware & hardware
MT8175
Mobile applications / Mobile firmware & hardware
MT8183
Mobile applications / Mobile firmware & hardware
MT8185
Mobile applications / Mobile firmware & hardware
MT8321
Mobile applications / Mobile firmware & hardware
MT8362A
Mobile applications / Mobile firmware & hardware
MT8365
Mobile applications / Mobile firmware & hardware
MT8385
Mobile applications / Mobile firmware & hardware
MT8666
Mobile applications / Mobile firmware & hardware
MT8667
Mobile applications / Mobile firmware & hardware
MT8675
Mobile applications / Mobile firmware & hardware
MT8735A
Mobile applications / Mobile firmware & hardware
MT8735B
Mobile applications / Mobile firmware & hardware
MT8765
Mobile applications / Mobile firmware & hardware
MT8766
Mobile applications / Mobile firmware & hardware
MT8768
Mobile applications / Mobile firmware & hardware
MT8786
Mobile applications / Mobile firmware & hardware
MT8788
Mobile applications / Mobile firmware & hardware
MT8789
Mobile applications / Mobile firmware & hardware
MT6779
Hardware solutions / Firmware
MT6781
Hardware solutions / Firmware
MT6785
Hardware solutions / Firmware
MT6853
Hardware solutions / Firmware
MT6873
Hardware solutions / Firmware
MT6877
Hardware solutions / Firmware
MT6885
Hardware solutions / Firmware
MT6893
Hardware solutions / Firmware
MT8797
Hardware solutions / Firmware

Vendor: MediaTek

Description

The vulnerability allows a local attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted input in preloader (usb). An attacker with physical access can trigger out-of-bounds write and execute arbitrary code on the target system with elevated privileges.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

MT6735: All versions

MT6739: All versions

MT6761: All versions

MT6763: All versions

MT6765: All versions

MT6768: All versions

MT6771: All versions

MT6779: All versions

MT6781: All versions

MT6785: All versions

MT6833: All versions

MT6853: All versions

MT6855: All versions

MT6873: All versions

MT6877: All versions

MT6879: All versions

MT6885: All versions

MT6893: All versions

MT6895: All versions

MT6983: All versions

MT8163: All versions

MT8167: All versions

MT8167S: All versions

MT8168: All versions

MT8173: All versions

MT8175: All versions

MT8183: All versions

MT8185: All versions

MT8321: All versions

MT8362A: All versions

MT8365: All versions

MT8385: All versions

MT8666: All versions

MT8667: All versions

MT8675: All versions

MT8735A: All versions

MT8735B: All versions

MT8765: All versions

MT8766: All versions

MT8768: All versions

MT8786: All versions

MT8788: All versions

MT8789: All versions

MT8797: All versions


CPE

External links
http://corp.mediatek.com/product-security-bulletin/September-2022


Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?


Latest bulletins with this vulnerability