Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2022-20064: April 2022

In ccci, there is a possible leak of kernel pointer due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06108617; Issue ID: ALPS06108617.

CVE
#vulnerability#web#android#dos#rce#perl

April 2022 Product Security Bulletin

Published 2022-04-06

The MediaTek Product Security Bulletin contains details of security vulnerabilities affecting MediaTek Smartphone, Tablet, AIoT, Smart display, Smart platform and OTT chipsets. Device OEMs have been notified of all the issues and the corresponding security patches for at least two months before publication.

The severity of the identified vulnerabilities was conducted based on the Common Vulnerability Scoring System version 3.1 (CVSS v3.1).

****Summary****

Severity

CVEs

High

CVE-2022-20081, CVE-2021-25477

Medium

CVE-2022-20062, CVE-2022-20063, CVE-2022-20064, CVE-2022-20065, CVE-2022-20066, CVE-2022-20067, CVE-2022-20052, CVE-2022-20068, CVE-2022-20069, CVE-2022-20070, CVE-2022-20071, CVE-2022-20072, CVE-2022-20073, CVE-2022-20074, CVE-2022-20075, CVE-2022-20076, CVE-2022-20077, CVE-2022-20078, CVE-2022-20079, CVE-2022-20080

****Details****

CVE

CVE-2022-20081

Title

Insecure default initialization of resource in A-GPS

Severity

High

Vulnerability Type

ID

CWE

CWE-1188 Insecure Default Initialization of Resource

Description

In A-GPS, there is a possible man in the middle attack due to improper certificate validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6580, MT6735, MT6737, MT6739, MT6753, MT6761, MT6765, MT6768, MT6771, MT6779, MT6781, MT6785, MT6833, MT6853, MT6873, MT6877, MT6879, MT6883, MT6885, MT6889, MT6893, MT6895, MT6983, MT8666, MT8667, MT8675

Affected Software Versions

Android 10.0, 11.0, 12.0

CVE

CVE-2021-25477

Title

Double free in Modem LTE RRC

Severity

High

Vulnerability Type

DoS

CWE

CWE-415 Double Free

Description

In Modem LTE RRC, there is a possible memory corruption due to a double free. This could lead to remote denial of service when decoding an incorrect ASN.1 data with no additional execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6735, MT6737, MT6739, MT6750S, MT6757, MT6757P, MT6761, MT6762, MT6762D, MT6762M, MT6763, MT6765, MT6765T, MT6767, MT6768, MT6769, MT6769T, MT6769Z, MT6771, MT6779, MT6781, MT6783, MT6785, MT6785T, MT6833, MT6853, MT6873, MT6875, MT6877, MT6880, MT6883, MT6885, MT6889, MT6890, MT6891, MT6893, MT8666, MT8667, MT8675, MT8735A, MT8735B, MT8765, MT8766, MT8768, MT8786, MT8788, MT8789, MT8791, MT8797

Affected Software Versions

Modem LR9, LR11, LR12, LR12A, LR13, NR15

CVE

CVE-2022-20062

Title

Use after free in mdp

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-416 Use After Free

Description

In mdp, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is no needed for exploitation.

Affected Chipsets

MT6765, MT6785, MT6833, MT6853, MT6853T, MT6873, MT6877, MT6879, MT6885, MT6891, MT6893, MT8163, MT8167, MT8167S, MT8168, MT8173, MT8175, MT8183, MT8185, MT8321, MT8362A, MT8365, MT8385, MT8666, MT8667, MT8675, MT8735A, MT8735B, MT8765, MT8766, MT8768, MT8786, MT8788, MT8789, MT8791, MT8797

Affected Software Versions

Android 11.0, 12.0

CVE

CVE-2022-20063

Title

Out-of-bounds write in atf (spm)

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-787 Out-of-bounds Write

Description

In atf (spm), there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation.

Affected Chipsets

MT6765, MT8385, MT8666, MT8667, MT8766, MT8786, MT8788

Affected Software Versions

Android 9.0, 10.0

CVE

CVE-2022-20064

Title

Out-of-bounds read in ccci

Severity

Medium

Vulnerability Type

ID

CWE

CWE-125 Out-of-bounds Read

Description

In ccci, there is a possible leak of kernel pointer due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6580, MT6737, MT6739, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6889, MT6893, MT6895, MT6983, MT6985, MT8321, MT8667, MT8675, MT8765, MT8766, MT8768, MT8786, MT8788, MT8789, MT8797

Affected Software Versions

Android 10.0, 11.0, 12.0

CVE

CVE-2022-20065

Title

Out-of-bounds read in ccci

Severity

Medium

Vulnerability Type

ID

CWE

CWE-125 Out-of-bounds Read

Description

In ccci, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6580, MT6737, MT6739, MT6761, MT6762, MT6765, MT6768, MT6769, MT6779, MT6781, MT6785, MT6833, MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6983, MT8321, MT8667, MT8675, MT8765, MT8766, MT8768, MT8786, MT8788, MT8789, MT8797

Affected Software Versions

Android 10.0, 11.0, 12.0

CVE

CVE-2022-20066

Title

Improper handling of exceptional conditions in atf (hwfde)

Severity

Medium

Vulnerability Type

ID

CWE

CWE-755 Improper Handling of Exceptional Conditions

Description

In atf (hwfde), there is a possible leak of sensitive information due to incorrect error handling. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT8168, MT8365, MT8696

Affected Software Versions

Android 11.0, 12.0

CVE

CVE-2022-20067

Title

Improper input validation in mdp

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-20 Improper Input Validation

Description

In mdp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is no needed for exploitation.

Affected Chipsets

MT6731, MT6735, MT6739, MT6750, MT6755, MT6755S, MT6757, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6785, MT6833, MT6853, MT6853T, MT6873, MT6885, MT6891, MT6893, MT8167, MT8167S, MT8168, MT8173, MT8183, MT8185, MT8321, MT8362A, MT8365, MT8385, MT8666, MT8667, MT8675, MT8735A, MT8735B, MT8765, MT8766, MT8768, MT8786, MT8788, MT8789, MT8791, MT8797

Affected Software Versions

Android 9.0, 10.0, 11.0, 12.0

CVE

CVE-2022-20052

Title

Use after free in mdp

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-416 Use After Free

Description

In mdp, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation.

Affected Chipsets

MT6580, MT6735, MT6737, MT6739, MT6750, MT6753, MT6755, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6833, MT6853, MT6853T, MT6873, MT6877, MT6885, MT6890, MT6891, MT6893, MT8163, MT8167, MT8167S, MT8168, MT8173, MT8175, MT8183, MT8321, MT8362A, MT8365, MT8385, MT8666, MT8667, MT8735A, MT8735B, MT8765, MT8766, MT8768, MT8786, MT8788

Affected Software Versions

Android 11.0, 12.0

CVE

CVE-2022-20068

Title

Unix symbolic link (symlink) following in mobile_log_d

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-61 UNIX Symbolic Link (Symlink) Following

Description

In mobile_log_d, there is a possible symbolic link following due to an improper link resolution. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6731, MT6732, MT6735, MT6737, MT6739, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6795, MT6799, MT6833, MT6853T, MT6873, MT6875, MT6877, MT6880, MT6883, MT6885, MT6889, MT6890, MT6891, MT6893, MT6985, MT8163, MT8167, MT8167S, MT8168, MT8173, MT8175, MT8183, MT8185, MT8321, MT8362A, MT8365, MT8385, MT8666, MT8667, MT8675, MT8735A, MT8735B, MT8765, MT8766, MT8768, MT8786, MT8788, MT8789, MT8791, MT8797

Affected Software Versions

Android 10.0, 11.0, 12.0

CVE

CVE-2022-20069

Title

Integer overflow or wraparound in preloader (usb)

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-190 Integer Overflow or Wraparound

Description

In preloader (usb), there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege, for an attacker who has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation.

Affected Chipsets

MT6580, MT6735, MT6739, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6799, MT6833, MT6853, MT6853T, MT6873, MT6877, MT6885, MT6893, MT6983, MT8167, MT8167S, MT8168, MT8173, MT8175, MT8183, MT8185, MT8321, MT8362A, MT8365, MT8385, MT8666, MT8667, MT8675, MT8695, MT8696, MT8765, MT8766, MT8768, MT8786, MT8788, MT8789, MT8791, MT8797

Affected Software Versions

Android 10.0, 11.0, 12.0

CVE

CVE-2022-20070

Title

Improper input validation in ssmr

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-20 Improper Input Validation

Description

In ssmr, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is no needed for exploitation.

Affected Chipsets

MT6731, MT6732, MT6735, MT6737, MT6739, MT6750, MT6750S, MT6752, MT6753, MT6755, MT6755S, MT6757, MT6757C, MT6757CD, MT6757CH, MT6758, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6789, MT6795, MT6797, MT6799, MT6833, MT6853, MT6853T, MT6873, MT6875, MT6877, MT6879, MT6880, MT6883, MT6885, MT6889, MT6890, MT6891, MT6893, MT6895, MT6983, MT6985

Affected Software Versions

Android 11.0, 12.0

CVE

CVE-2022-20071

Title

Improperly implemented security check for standard in ccu

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-358 Improperly Implemented Security Check for Standard

Description

In ccu, there is a possible escalation of privilege due to a missing certificate validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is no needed for exploitation.

Affected Chipsets

MT6833, MT6853, MT6873, MT6877, MT6885, MT6893, MT8797

Affected Software Versions

Android 11.0, 12.0

CVE

CVE-2022-20072

Title

Incorrect comparison in search engine service

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-697 Incorrect Comparison

Description

In search engine service, there is a possible way to change the default search engine due to an incorrect comparison. This could lead to local escalation of privilege with System execution privileges needed. User interaction is no needed for exploitation.

Affected Chipsets

MT6580, MT6735, MT6737, MT6739, MT6753, MT6755, MT6755S, MT6761, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6789, MT6795, MT6797, MT6799, MT6833, MT6853, MT6853T, MT6873, MT6875, MT6877, MT6879, MT6880, MT6883, MT6885, MT6889, MT6890, MT6891, MT6893, MT6895, MT6983, MT6985, MT8167, MT8167S, MT8168, MT8173, MT8175, MT8183, MT8185, MT8321, MT8362A, MT8365, MT8385, MT8675, MT8765, MT8766, MT8768, MT8786, MT8788, MT8791, MT8797

Affected Software Versions

Android 11.0, 12.0

CVE

CVE-2022-20073

Title

Integer underflow (wrap or wraparound) in preloader (usb)

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-191 Integer Underflow (Wrap or Wraparound)

Description

In preloader (usb), there is a possible out of bounds write due to a integer underflow. This could lead to local escalation of privilege, for an attacker who has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation.

Affected Chipsets

MT2601, MT6580, MT6735, MT6739, MT6761, MT6763, MT6765, MT6768, MT6771, MT6779, MT6781, MT6785, MT6799, MT6833, MT6873, MT6877, MT6885, MT6893, MT8163, MT8167, MT8167S, MT8168, MT8173, MT8175, MT8183, MT8185, MT8321, MT8362A, MT8365, MT8385, MT8666, MT8667, MT8675, MT8695, MT8696, MT8765, MT8766, MT8768, MT8786, MT8788, MT8789, MT8791, MT8797

Affected Software Versions

Android 10.0, 11.0, 12.0

CVE

CVE-2022-20074

Title

Out-of-bounds read in preloader (partition)

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-125 Out-of-bounds Read

Description

In preloader (partition), there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, for an attacker who has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation.

Affected Chipsets

MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6779, MT6833, MT6853, MT6853T, MT6873, MT6875, MT6877, MT6879, MT6880, MT6883, MT6885, MT6889, MT6890, MT6891, MT6893, MT6895, MT6983, MT6985, MT8185, MT8321, MT8385, MT8667, MT8675, MT8695, MT8766, MT8768, MT8786, MT8788, MT8789, MT8791, MT8797

Affected Software Versions

Android 10.0, 11.0, 12.0

CVE

CVE-2022-20075

Title

Integer overflow or wraparound in ged

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-190 Integer Overflow or Wraparound

Description

In ged, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6580, MT6731, MT6735, MT6750S, MT6753, MT6755S, MT6757, MT6757C, MT6757CD, MT6757CH, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6833, MT6853, MT6853T, MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8127, MT8135, MT8163, MT8167, MT8167S, MT8168, MT8173, MT8175, MT8176, MT8183, MT8312C, MT8312D, MT8321, MT8362A, MT8365, MT8382, MT8385, MT8389, MT8392, MT8392_90, MT8665, MT8685, MT8693, MT8735, MT8735B, MT8735M, MT8752, MT8765, MT8783, MT8785, MT8788

Affected Software Versions

Android 10.0, 11.0, 12.0

CVE

CVE-2022-20076

Title

Improper handling of exceptional conditions in ged

Severity

Medium

Vulnerability Type

ID

CWE

CWE-755 Improper Handling of Exceptional Conditions

Description

In ged, there is a possible memory corruption due to an incorrect error handling. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6580, MT6731, MT6735, MT6750S, MT6753, MT6755S, MT6757, MT6757C, MT6757CD, MT6757CH, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6833, MT6853, MT6853T, MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8127, MT8135, MT8163, MT8167, MT8167S, MT8168, MT8173, MT8175, MT8176, MT8183, MT8312C, MT8312D, MT8321, MT8362A, MT8365, MT8382, MT8385, MT8389, MT8392, MT8392_90, MT8665, MT8685, MT8693, MT8735, MT8735B, MT8735M, MT8752, MT8765, MT8783, MT8785, MT8788

Affected Software Versions

Android 10.0, 11.0, 12.0

CVE

CVE-2022-20077

Title

Concurrent execution using shared resource with improper synchronization (‘race condition’) in vow

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization (‘Race Condition’)

Description

In vow, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is no needed for exploitation.

Affected Chipsets

MT6781, MT6785, MT6833, MT6853, MT6853T, MT6873, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8185, MT8789, MT8791, MT8797

Affected Software Versions

Android 10.0, 11.0

CVE

CVE-2022-20078

Title

Concurrent execution using shared resource with improper synchronization (‘race condition’) in vow

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization (‘Race Condition’)

Description

In vow, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is no needed for exploitation.

Affected Chipsets

MT6833, MT6853, MT6853T, MT6873, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8791, MT8797

Affected Software Versions

Android 11.0, 12.0

CVE

CVE-2022-20079

Title

Improper input validation in vow

Severity

Medium

Vulnerability Type

ID

CWE

CWE-20 Improper Input Validation

Description

In vow, there is a possible read of uninitialized data due to a improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is no needed for exploitation.

Affected Chipsets

MT6781, MT6785, MT6833, MT6853, MT6853T, MT6873, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8185, MT8789, MT8791, MT8797

Affected Software Versions

Android 10.0, 11.0

CVE

CVE-2022-20080

Title

Concurrent execution using shared resource with improper synchronization (‘race condition’) in SUB2AF

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization (‘Race Condition’)

Description

In SUB2AF, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is no needed for exploitation.

Affected Chipsets

MT6580, MT6735, MT6737, MT6739, MT6753, MT6757, MT6761, MT6763, MT6765, MT6768, MT6771, MT6779, MT6781, MT6785, MT6833, MT6853, MT6873, MT6877, MT6883, MT6885, MT6889, MT6893, MT8168, MT8321, MT8365, MT8666, MT8765, MT8766, MT8768, MT8786, MT8788, MT8791, MT8797

Affected Software Versions

Android 9.0, 10.0, 11.0, 12.0

****Vulnerability Type Definition****

Abbreviation

Definition

RCE

Remote Code Execution

EoP

Elevation of Privilege

ID

Information Disclosure

DoS

Denial of Service

N/A

Classification not available

****Versions****

Version

Date

Description

1.0

April 6, 2022

Bulletin published.

****Notes****

Information above is generated only at the time of creation of this Security Bulletin. The list of affected chipsets could be not complete. For any further information, device OEMs can reach your MediaTek contact person if needed.

If you want to report a security vulnerability in MediaTek chipsets or products, please go to Report Security Vulnerability page on MediaTek website.

Related news

CVE-2021-31578: Acknowledgements

In Boa, there is a possible escalation of privilege due to a stack buffer overflow. This could lead to remote escalation of privilege from a proximal attacker with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: A20210008; Issue ID: OSBNB00123241.

CVE-2022-41587: October

Uncaptured exceptions in the home screen module. Successful exploitation of this vulnerability may affect stability.

CVE-2022-31761: June

Configuration defects in the secure OS module. Successful exploitation of this vulnerability will affect confidentiality.

CVE-2022-20066: May 2022

In atf (hwfde), there is a possible leak of sensitive information due to incorrect error handling. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06171729; Issue ID: ALPS06171729.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907