#VU71984 Use-after-free in MediaTek products - CVE-2022-32643

CSH
CYBERSECURITY HELP
Sign In REGISTER
 
Main Vulnerability Database Vulnerabilities #VU71984

#VU71984 Use-after-free in MediaTek products - CVE-2022-32643

Published: February 7, 2023


Vulnerability identifier: #VU71984
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2022-32643
CWE-ID: CWE-416
Exploitation vector: Local access
Exploit availability: No public exploit available
Vulnerable software:
MT6879
MT6895
MT6983
Software vendor:
MediaTek

Description

The vulnerability allows a local user to compromise vulnerable system.

The vulnerability exists due to a use-after-free error in ccd. A local user can gain elevated privileges on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.


Remediation

Install updates from vendor's website.

External links