Headline
CVE-2022-20064: April 2022
In ccci, there is a possible leak of kernel pointer due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06108617; Issue ID: ALPS06108617.
April 2022 Product Security Bulletin
Published 2022-04-06
The MediaTek Product Security Bulletin contains details of security vulnerabilities affecting MediaTek Smartphone, Tablet, AIoT, Smart display, Smart platform and OTT chipsets. Device OEMs have been notified of all the issues and the corresponding security patches for at least two months before publication.
The severity of the identified vulnerabilities was conducted based on the Common Vulnerability Scoring System version 3.1 (CVSS v3.1).
****Summary****
Severity
CVEs
High
CVE-2022-20081, CVE-2021-25477
Medium
CVE-2022-20062, CVE-2022-20063, CVE-2022-20064, CVE-2022-20065, CVE-2022-20066, CVE-2022-20067, CVE-2022-20052, CVE-2022-20068, CVE-2022-20069, CVE-2022-20070, CVE-2022-20071, CVE-2022-20072, CVE-2022-20073, CVE-2022-20074, CVE-2022-20075, CVE-2022-20076, CVE-2022-20077, CVE-2022-20078, CVE-2022-20079, CVE-2022-20080
****Details****
CVE
CVE-2022-20081
Title
Insecure default initialization of resource in A-GPS
Severity
High
Vulnerability Type
ID
CWE
CWE-1188 Insecure Default Initialization of Resource
Description
In A-GPS, there is a possible man in the middle attack due to improper certificate validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets
MT6580, MT6735, MT6737, MT6739, MT6753, MT6761, MT6765, MT6768, MT6771, MT6779, MT6781, MT6785, MT6833, MT6853, MT6873, MT6877, MT6879, MT6883, MT6885, MT6889, MT6893, MT6895, MT6983, MT8666, MT8667, MT8675
Affected Software Versions
Android 10.0, 11.0, 12.0
CVE
CVE-2021-25477
Title
Double free in Modem LTE RRC
Severity
High
Vulnerability Type
DoS
CWE
CWE-415 Double Free
Description
In Modem LTE RRC, there is a possible memory corruption due to a double free. This could lead to remote denial of service when decoding an incorrect ASN.1 data with no additional execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets
MT6735, MT6737, MT6739, MT6750S, MT6757, MT6757P, MT6761, MT6762, MT6762D, MT6762M, MT6763, MT6765, MT6765T, MT6767, MT6768, MT6769, MT6769T, MT6769Z, MT6771, MT6779, MT6781, MT6783, MT6785, MT6785T, MT6833, MT6853, MT6873, MT6875, MT6877, MT6880, MT6883, MT6885, MT6889, MT6890, MT6891, MT6893, MT8666, MT8667, MT8675, MT8735A, MT8735B, MT8765, MT8766, MT8768, MT8786, MT8788, MT8789, MT8791, MT8797
Affected Software Versions
Modem LR9, LR11, LR12, LR12A, LR13, NR15
CVE
CVE-2022-20062
Title
Use after free in mdp
Severity
Medium
Vulnerability Type
EoP
CWE
CWE-416 Use After Free
Description
In mdp, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is no needed for exploitation.
Affected Chipsets
MT6765, MT6785, MT6833, MT6853, MT6853T, MT6873, MT6877, MT6879, MT6885, MT6891, MT6893, MT8163, MT8167, MT8167S, MT8168, MT8173, MT8175, MT8183, MT8185, MT8321, MT8362A, MT8365, MT8385, MT8666, MT8667, MT8675, MT8735A, MT8735B, MT8765, MT8766, MT8768, MT8786, MT8788, MT8789, MT8791, MT8797
Affected Software Versions
Android 11.0, 12.0
CVE
CVE-2022-20063
Title
Out-of-bounds write in atf (spm)
Severity
Medium
Vulnerability Type
EoP
CWE
CWE-787 Out-of-bounds Write
Description
In atf (spm), there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation.
Affected Chipsets
MT6765, MT8385, MT8666, MT8667, MT8766, MT8786, MT8788
Affected Software Versions
Android 9.0, 10.0
CVE
CVE-2022-20064
Title
Out-of-bounds read in ccci
Severity
Medium
Vulnerability Type
ID
CWE
CWE-125 Out-of-bounds Read
Description
In ccci, there is a possible leak of kernel pointer due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets
MT6580, MT6737, MT6739, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6889, MT6893, MT6895, MT6983, MT6985, MT8321, MT8667, MT8675, MT8765, MT8766, MT8768, MT8786, MT8788, MT8789, MT8797
Affected Software Versions
Android 10.0, 11.0, 12.0
CVE
CVE-2022-20065
Title
Out-of-bounds read in ccci
Severity
Medium
Vulnerability Type
ID
CWE
CWE-125 Out-of-bounds Read
Description
In ccci, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets
MT6580, MT6737, MT6739, MT6761, MT6762, MT6765, MT6768, MT6769, MT6779, MT6781, MT6785, MT6833, MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6983, MT8321, MT8667, MT8675, MT8765, MT8766, MT8768, MT8786, MT8788, MT8789, MT8797
Affected Software Versions
Android 10.0, 11.0, 12.0
CVE
CVE-2022-20066
Title
Improper handling of exceptional conditions in atf (hwfde)
Severity
Medium
Vulnerability Type
ID
CWE
CWE-755 Improper Handling of Exceptional Conditions
Description
In atf (hwfde), there is a possible leak of sensitive information due to incorrect error handling. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets
MT8168, MT8365, MT8696
Affected Software Versions
Android 11.0, 12.0
CVE
CVE-2022-20067
Title
Improper input validation in mdp
Severity
Medium
Vulnerability Type
EoP
CWE
CWE-20 Improper Input Validation
Description
In mdp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is no needed for exploitation.
Affected Chipsets
MT6731, MT6735, MT6739, MT6750, MT6755, MT6755S, MT6757, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6785, MT6833, MT6853, MT6853T, MT6873, MT6885, MT6891, MT6893, MT8167, MT8167S, MT8168, MT8173, MT8183, MT8185, MT8321, MT8362A, MT8365, MT8385, MT8666, MT8667, MT8675, MT8735A, MT8735B, MT8765, MT8766, MT8768, MT8786, MT8788, MT8789, MT8791, MT8797
Affected Software Versions
Android 9.0, 10.0, 11.0, 12.0
CVE
CVE-2022-20052
Title
Use after free in mdp
Severity
Medium
Vulnerability Type
EoP
CWE
CWE-416 Use After Free
Description
In mdp, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation.
Affected Chipsets
MT6580, MT6735, MT6737, MT6739, MT6750, MT6753, MT6755, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6833, MT6853, MT6853T, MT6873, MT6877, MT6885, MT6890, MT6891, MT6893, MT8163, MT8167, MT8167S, MT8168, MT8173, MT8175, MT8183, MT8321, MT8362A, MT8365, MT8385, MT8666, MT8667, MT8735A, MT8735B, MT8765, MT8766, MT8768, MT8786, MT8788
Affected Software Versions
Android 11.0, 12.0
CVE
CVE-2022-20068
Title
Unix symbolic link (symlink) following in mobile_log_d
Severity
Medium
Vulnerability Type
EoP
CWE
CWE-61 UNIX Symbolic Link (Symlink) Following
Description
In mobile_log_d, there is a possible symbolic link following due to an improper link resolution. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets
MT6731, MT6732, MT6735, MT6737, MT6739, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6795, MT6799, MT6833, MT6853T, MT6873, MT6875, MT6877, MT6880, MT6883, MT6885, MT6889, MT6890, MT6891, MT6893, MT6985, MT8163, MT8167, MT8167S, MT8168, MT8173, MT8175, MT8183, MT8185, MT8321, MT8362A, MT8365, MT8385, MT8666, MT8667, MT8675, MT8735A, MT8735B, MT8765, MT8766, MT8768, MT8786, MT8788, MT8789, MT8791, MT8797
Affected Software Versions
Android 10.0, 11.0, 12.0
CVE
CVE-2022-20069
Title
Integer overflow or wraparound in preloader (usb)
Severity
Medium
Vulnerability Type
EoP
CWE
CWE-190 Integer Overflow or Wraparound
Description
In preloader (usb), there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege, for an attacker who has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation.
Affected Chipsets
MT6580, MT6735, MT6739, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6799, MT6833, MT6853, MT6853T, MT6873, MT6877, MT6885, MT6893, MT6983, MT8167, MT8167S, MT8168, MT8173, MT8175, MT8183, MT8185, MT8321, MT8362A, MT8365, MT8385, MT8666, MT8667, MT8675, MT8695, MT8696, MT8765, MT8766, MT8768, MT8786, MT8788, MT8789, MT8791, MT8797
Affected Software Versions
Android 10.0, 11.0, 12.0
CVE
CVE-2022-20070
Title
Improper input validation in ssmr
Severity
Medium
Vulnerability Type
EoP
CWE
CWE-20 Improper Input Validation
Description
In ssmr, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is no needed for exploitation.
Affected Chipsets
MT6731, MT6732, MT6735, MT6737, MT6739, MT6750, MT6750S, MT6752, MT6753, MT6755, MT6755S, MT6757, MT6757C, MT6757CD, MT6757CH, MT6758, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6789, MT6795, MT6797, MT6799, MT6833, MT6853, MT6853T, MT6873, MT6875, MT6877, MT6879, MT6880, MT6883, MT6885, MT6889, MT6890, MT6891, MT6893, MT6895, MT6983, MT6985
Affected Software Versions
Android 11.0, 12.0
CVE
CVE-2022-20071
Title
Improperly implemented security check for standard in ccu
Severity
Medium
Vulnerability Type
EoP
CWE
CWE-358 Improperly Implemented Security Check for Standard
Description
In ccu, there is a possible escalation of privilege due to a missing certificate validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is no needed for exploitation.
Affected Chipsets
MT6833, MT6853, MT6873, MT6877, MT6885, MT6893, MT8797
Affected Software Versions
Android 11.0, 12.0
CVE
CVE-2022-20072
Title
Incorrect comparison in search engine service
Severity
Medium
Vulnerability Type
EoP
CWE
CWE-697 Incorrect Comparison
Description
In search engine service, there is a possible way to change the default search engine due to an incorrect comparison. This could lead to local escalation of privilege with System execution privileges needed. User interaction is no needed for exploitation.
Affected Chipsets
MT6580, MT6735, MT6737, MT6739, MT6753, MT6755, MT6755S, MT6761, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6789, MT6795, MT6797, MT6799, MT6833, MT6853, MT6853T, MT6873, MT6875, MT6877, MT6879, MT6880, MT6883, MT6885, MT6889, MT6890, MT6891, MT6893, MT6895, MT6983, MT6985, MT8167, MT8167S, MT8168, MT8173, MT8175, MT8183, MT8185, MT8321, MT8362A, MT8365, MT8385, MT8675, MT8765, MT8766, MT8768, MT8786, MT8788, MT8791, MT8797
Affected Software Versions
Android 11.0, 12.0
CVE
CVE-2022-20073
Title
Integer underflow (wrap or wraparound) in preloader (usb)
Severity
Medium
Vulnerability Type
EoP
CWE
CWE-191 Integer Underflow (Wrap or Wraparound)
Description
In preloader (usb), there is a possible out of bounds write due to a integer underflow. This could lead to local escalation of privilege, for an attacker who has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation.
Affected Chipsets
MT2601, MT6580, MT6735, MT6739, MT6761, MT6763, MT6765, MT6768, MT6771, MT6779, MT6781, MT6785, MT6799, MT6833, MT6873, MT6877, MT6885, MT6893, MT8163, MT8167, MT8167S, MT8168, MT8173, MT8175, MT8183, MT8185, MT8321, MT8362A, MT8365, MT8385, MT8666, MT8667, MT8675, MT8695, MT8696, MT8765, MT8766, MT8768, MT8786, MT8788, MT8789, MT8791, MT8797
Affected Software Versions
Android 10.0, 11.0, 12.0
CVE
CVE-2022-20074
Title
Out-of-bounds read in preloader (partition)
Severity
Medium
Vulnerability Type
EoP
CWE
CWE-125 Out-of-bounds Read
Description
In preloader (partition), there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, for an attacker who has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation.
Affected Chipsets
MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6779, MT6833, MT6853, MT6853T, MT6873, MT6875, MT6877, MT6879, MT6880, MT6883, MT6885, MT6889, MT6890, MT6891, MT6893, MT6895, MT6983, MT6985, MT8185, MT8321, MT8385, MT8667, MT8675, MT8695, MT8766, MT8768, MT8786, MT8788, MT8789, MT8791, MT8797
Affected Software Versions
Android 10.0, 11.0, 12.0
CVE
CVE-2022-20075
Title
Integer overflow or wraparound in ged
Severity
Medium
Vulnerability Type
EoP
CWE
CWE-190 Integer Overflow or Wraparound
Description
In ged, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets
MT6580, MT6731, MT6735, MT6750S, MT6753, MT6755S, MT6757, MT6757C, MT6757CD, MT6757CH, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6833, MT6853, MT6853T, MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8127, MT8135, MT8163, MT8167, MT8167S, MT8168, MT8173, MT8175, MT8176, MT8183, MT8312C, MT8312D, MT8321, MT8362A, MT8365, MT8382, MT8385, MT8389, MT8392, MT8392_90, MT8665, MT8685, MT8693, MT8735, MT8735B, MT8735M, MT8752, MT8765, MT8783, MT8785, MT8788
Affected Software Versions
Android 10.0, 11.0, 12.0
CVE
CVE-2022-20076
Title
Improper handling of exceptional conditions in ged
Severity
Medium
Vulnerability Type
ID
CWE
CWE-755 Improper Handling of Exceptional Conditions
Description
In ged, there is a possible memory corruption due to an incorrect error handling. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets
MT6580, MT6731, MT6735, MT6750S, MT6753, MT6755S, MT6757, MT6757C, MT6757CD, MT6757CH, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6833, MT6853, MT6853T, MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8127, MT8135, MT8163, MT8167, MT8167S, MT8168, MT8173, MT8175, MT8176, MT8183, MT8312C, MT8312D, MT8321, MT8362A, MT8365, MT8382, MT8385, MT8389, MT8392, MT8392_90, MT8665, MT8685, MT8693, MT8735, MT8735B, MT8735M, MT8752, MT8765, MT8783, MT8785, MT8788
Affected Software Versions
Android 10.0, 11.0, 12.0
CVE
CVE-2022-20077
Title
Concurrent execution using shared resource with improper synchronization (‘race condition’) in vow
Severity
Medium
Vulnerability Type
EoP
CWE
CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization (‘Race Condition’)
Description
In vow, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is no needed for exploitation.
Affected Chipsets
MT6781, MT6785, MT6833, MT6853, MT6853T, MT6873, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8185, MT8789, MT8791, MT8797
Affected Software Versions
Android 10.0, 11.0
CVE
CVE-2022-20078
Title
Concurrent execution using shared resource with improper synchronization (‘race condition’) in vow
Severity
Medium
Vulnerability Type
EoP
CWE
CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization (‘Race Condition’)
Description
In vow, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is no needed for exploitation.
Affected Chipsets
MT6833, MT6853, MT6853T, MT6873, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8791, MT8797
Affected Software Versions
Android 11.0, 12.0
CVE
CVE-2022-20079
Title
Improper input validation in vow
Severity
Medium
Vulnerability Type
ID
CWE
CWE-20 Improper Input Validation
Description
In vow, there is a possible read of uninitialized data due to a improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is no needed for exploitation.
Affected Chipsets
MT6781, MT6785, MT6833, MT6853, MT6853T, MT6873, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8185, MT8789, MT8791, MT8797
Affected Software Versions
Android 10.0, 11.0
CVE
CVE-2022-20080
Title
Concurrent execution using shared resource with improper synchronization (‘race condition’) in SUB2AF
Severity
Medium
Vulnerability Type
EoP
CWE
CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization (‘Race Condition’)
Description
In SUB2AF, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is no needed for exploitation.
Affected Chipsets
MT6580, MT6735, MT6737, MT6739, MT6753, MT6757, MT6761, MT6763, MT6765, MT6768, MT6771, MT6779, MT6781, MT6785, MT6833, MT6853, MT6873, MT6877, MT6883, MT6885, MT6889, MT6893, MT8168, MT8321, MT8365, MT8666, MT8765, MT8766, MT8768, MT8786, MT8788, MT8791, MT8797
Affected Software Versions
Android 9.0, 10.0, 11.0, 12.0
****Vulnerability Type Definition****
Abbreviation
Definition
RCE
Remote Code Execution
EoP
Elevation of Privilege
ID
Information Disclosure
DoS
Denial of Service
N/A
Classification not available
****Versions****
Version
Date
Description
1.0
April 6, 2022
Bulletin published.
****Notes****
Information above is generated only at the time of creation of this Security Bulletin. The list of affected chipsets could be not complete. For any further information, device OEMs can reach your MediaTek contact person if needed.
If you want to report a security vulnerability in MediaTek chipsets or products, please go to Report Security Vulnerability page on MediaTek website.
Related news
In Boa, there is a possible escalation of privilege due to a stack buffer overflow. This could lead to remote escalation of privilege from a proximal attacker with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: A20210008; Issue ID: OSBNB00123241.
Uncaptured exceptions in the home screen module. Successful exploitation of this vulnerability may affect stability.
Configuration defects in the secure OS module. Successful exploitation of this vulnerability will affect confidentiality.
In atf (hwfde), there is a possible leak of sensitive information due to incorrect error handling. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06171729; Issue ID: ALPS06171729.