#VU71987 Input validation error in MediaTek


Published: 2023-02-07

Vulnerability identifier: #VU71987

Vulnerability risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-32656

CWE-ID: CWE-20

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
MT5221
Mobile applications / Mobile firmware & hardware
MT7603
Mobile applications / Mobile firmware & hardware
MT7613
Mobile applications / Mobile firmware & hardware
MT7615
Mobile applications / Mobile firmware & hardware
MT7622
Mobile applications / Mobile firmware & hardware
MT7628
Mobile applications / Mobile firmware & hardware
MT7629
Mobile applications / Mobile firmware & hardware
MT7663
Mobile applications / Mobile firmware & hardware
MT7668
Mobile applications / Mobile firmware & hardware
MT7682
Mobile applications / Mobile firmware & hardware
MT7686
Mobile applications / Mobile firmware & hardware
MT7687
Mobile applications / Mobile firmware & hardware
MT7697
Mobile applications / Mobile firmware & hardware
MT7902
Mobile applications / Mobile firmware & hardware
MT7915
Mobile applications / Mobile firmware & hardware
MT7916
Mobile applications / Mobile firmware & hardware
MT7921
Mobile applications / Mobile firmware & hardware
MT7933
Mobile applications / Mobile firmware & hardware
MT7981
Mobile applications / Mobile firmware & hardware
MT7986
Mobile applications / Mobile firmware & hardware
MT8167S
Mobile applications / Mobile firmware & hardware
MT8175
Mobile applications / Mobile firmware & hardware
MT8362A
Mobile applications / Mobile firmware & hardware
MT8365
Mobile applications / Mobile firmware & hardware
MT8385
Mobile applications / Mobile firmware & hardware
MT8532
Mobile applications / Mobile firmware & hardware
MT8695
Mobile applications / Mobile firmware & hardware
MT8696
Mobile applications / Mobile firmware & hardware
MT8788
Mobile applications / Mobile firmware & hardware
MT8518S
/

Vendor: MediaTek

Description

The vulnerability allows a local user to escalate privileges.

The vulnerability exists due to incorrect error handling in Wi-Fi driver. A local user can pass specially crafted input to the application and gain elevated privileges on the target system.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

MT5221: All versions

MT7603: All versions

MT7613: All versions

MT7615: All versions

MT7622: All versions

MT7628: All versions

MT7629: All versions

MT7663: All versions

MT7668: All versions

MT7682: All versions

MT7686: All versions

MT7687: All versions

MT7697: All versions

MT7902: All versions

MT7915: All versions

MT7916: All versions

MT7921: All versions

MT7933: All versions

MT7981: All versions

MT7986: All versions

MT8167S: All versions

MT8175: All versions

MT8362A: All versions

MT8365: All versions

MT8385: All versions

MT8518S: All versions

MT8532: All versions

MT8695: All versions

MT8696: All versions

MT8788: All versions

External links
http://corp.mediatek.com/product-security-bulletin/February-2023

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Multiple vulnerabilities in MediaTek Chipsets