Vulnerability identifier: #VU66979

Vulnerability risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-26470

CWE-ID: CWE-787

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
MT6879
Mobile applications / Mobile firmware & hardware
MT6895
Mobile applications / Mobile firmware & hardware
MT6983
Mobile applications / Mobile firmware & hardware
MT8321
Mobile applications / Mobile firmware & hardware
MT8385
Mobile applications / Mobile firmware & hardware
MT8765
Mobile applications / Mobile firmware & hardware
MT8766
Mobile applications / Mobile firmware & hardware
MT8768
Mobile applications / Mobile firmware & hardware
MT8786
Mobile applications / Mobile firmware & hardware
MT8788
Mobile applications / Mobile firmware & hardware
MT8789
Mobile applications / Mobile firmware & hardware

Vendor: MediaTek

Description

The vulnerability allows a local user to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted input in aie. A local user can trigger out-of-bounds write and execute arbitrary code on the target system with elevated privileges.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

MT6879: All versions

MT6895: All versions

MT6983: All versions

MT8321: All versions

MT8385: All versions

MT8765: All versions

MT8766: All versions

MT8768: All versions

MT8786: All versions

MT8788: All versions

MT8789: All versions

---

CPE

• cpe:2.3:a:mediatek:mt6879:*:*:*:*:*:*:*:*

External links
http://corp.mediatek.com/product-security-bulletin/September-2022

---

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?