CVE-2022-26448: September 2022

September 2022 Product Security Bulletin

Published 2022-09-05

The MediaTek Product Security Bulletin contains details of security vulnerabilities affecting MediaTek Smartphone, Tablet, AIoT, Smart display, Smart platform, OTT and TV chipsets. Device OEMs have been notified of all the issues and the corresponding security patches for at least two months before publication.

The severity of the identified vulnerabilities was conducted based on the Common Vulnerability Scoring System version 3.1 (CVSS v3.1).

****Summary****

Severity

CVEs

High

CVE-2022-26447

Medium

CVE-2022-26448, CVE-2022-26449, CVE-2022-26450, CVE-2022-26451, CVE-2022-26453, CVE-2022-26454, CVE-2022-26455, CVE-2022-26456, CVE-2022-26457, CVE-2022-26458, CVE-2022-26459, CVE-2022-26460, CVE-2022-26461, CVE-2022-26462, CVE-2022-26463, CVE-2022-26464, CVE-2022-26465, CVE-2022-26466, CVE-2022-26467, CVE-2022-26468, CVE-2022-26469, CVE-2022-26470

****Details****

CVE

CVE-2022-26447

Title

Improper input validation in BT firmware

Severity

High

Vulnerability Type

RCE

CWE

CWE-20 Improper Input Validation

Description

In BT firmware, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6580, MT6735, MT6737, MT6739, MT6750S, MT6753, MT6755S, MT6757, MT6757C, MT6757CD, MT6757CH, MT6763, MT6771, MT8163, MT8167, MT8167S, MT8173, MT8183, MT8321, MT8362A, MT8385, MT8518, MT8532, MT8765, MT8788

Affected Software Versions

Android 10.0, 11.0, 12.0 and Yocto 3.1

CVE

CVE-2022-26448

Title

Improper input validation in apusys

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-20 Improper Input Validation

Description

In apusys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6853T, MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893

Affected Software Versions

Android 11.0, 12.0

CVE

CVE-2022-26449

Title

Improper input validation in apusys

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-20 Improper Input Validation

Description

In apusys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6879, MT6895, MT6983

Affected Software Versions

Android 12.0

CVE

CVE-2022-26450

Title

Concurrent execution using shared resource with improper synchronization (‘race condition’) in apusys

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization (‘Race Condition’)

Description

In apusys, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6879, MT6895, MT6983

Affected Software Versions

Android 12.0

CVE

CVE-2022-26451

Title

Improper synchronization in ged

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-662 Improper Synchronization

Description

In ged, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6789, MT6855, MT6879, MT6895, MT6983, MT8168, MT8365

Affected Software Versions

Android 12.0

CVE

CVE-2022-26453

Title

Use after free in teei

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-416 Use After Free

Description

In teei, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6761, MT6765, MT6768, MT6771, MT6779, MT6781, MT6785, MT6833, MT6853, MT6875, MT6877, MT6879, MT6885, MT6893, MT6895, MT6983

Affected Software Versions

Android 11.0, 12.0

CVE

CVE-2022-26454

Title

Integer overflow or wraparound in teei

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-190 Integer Overflow or Wraparound

Description

In teei, there is a possible memory corruption due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6761, MT6765, MT6768, MT6771, MT6779, MT6781, MT6785, MT6833, MT6853, MT6875, MT6877, MT6879, MT6885, MT6893, MT6895, MT6983

Affected Software Versions

Android 11.0, 12.0

CVE

CVE-2022-26455

Title

Improper handling of exceptional conditions in gz

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-755 Improper Handling of Exceptional Conditions

Description

In gz, there is a possible memory corruption due to incorrect error handling. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6789, MT6855, MT6879, MT6895, MT6983

Affected Software Versions

Android 12.0

CVE

CVE-2022-26456

Title

Unix symbolic link (symlink) following in vow

Severity

Medium

Vulnerability Type

ID

CWE

CWE-61 UNIX Symbolic Link (Symlink) Following

Description

In vow, there is a possible information disclosure due to a symbolic link following. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6769, MT6781, MT6785, MT6789, MT6833, MT6853, MT6855, MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT6983, MT8185, MT8789, MT8791, MT8797

Affected Software Versions

Android 11.0

CVE

CVE-2022-26457

Title

Improper input validation in vow

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-20 Improper Input Validation

Description

In vow, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6769, MT6781, MT6785, MT6833, MT6855, MT6877, MT6879, MT6893, MT6983, MT8791, MT8797

Affected Software Versions

Android 11.0, 12.0

CVE

CVE-2022-26458

Title

Improper input validation in vow

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-20 Improper Input Validation

Description

In vow, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6853, MT6855, MT6873, MT6877, MT6883, MT6885, MT6893, MT6895, MT6983, MT8791, MT8797

Affected Software Versions

Android 11.0, 12.0

CVE

CVE-2022-26459

Title

Integer overflow or wraparound in vow

Severity

Medium

Vulnerability Type

ID

CWE

CWE-190 Integer Overflow or Wraparound

Description

In vow, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6833, MT6853, MT6855, MT6873, MT6877, MT6879, MT6883, MT6885, MT6889, MT6893, MT6895, MT6983, MT8791, MT8797

Affected Software Versions

Android 11.0, 12.0

CVE

CVE-2022-26460

Title

Improper input validation in vow

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-20 Improper Input Validation

Description

In vow, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6833, MT6853, MT6855, MT6873, MT6877, MT6879, MT6883, MT6885, MT6889, MT6893, MT6895, MT6983, MT8791, MT8797

Affected Software Versions

Android 11.0, 12.0

CVE

CVE-2022-26461

Title

Undefined behavior for input to api in vow

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-475 Undefined Behavior for Input to API

Description

In vow, there is a possible undefined behavior due to an API misuse. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6833, MT6853, MT6855, MT6873, MT6877, MT6879, MT6883, MT6885, MT6889, MT6893, MT6895, MT6983, MT8791, MT8797

Affected Software Versions

Android 11.0, 12.0

CVE

CVE-2022-26462

Title

Improper input validation in vow

Severity

Medium

Vulnerability Type

ID

CWE

CWE-20 Improper Input Validation

Description

In vow, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6833, MT6853, MT6855, MT6873, MT6877, MT6879, MT6883, MT6885, MT6889, MT6893, MT6895, MT6983, MT8791, MT8797

Affected Software Versions

Android 11.0, 12.0

CVE

CVE-2022-26463

Title

Improper input validation in vow

Severity

Medium

Vulnerability Type

ID

CWE

CWE-20 Improper Input Validation

Description

In vow, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6833, MT6853, MT6855, MT6873, MT6877, MT6879, MT6883, MT6885, MT6889, MT6893, MT6895, MT6983, MT8791, MT8797

Affected Software Versions

Android 11.0, 12.0

CVE

CVE-2022-26464

Title

Improper input validation in vow

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-20 Improper Input Validation

Description

In vow, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6833, MT6853, MT6855, MT6873, MT6877, MT6879, MT6883, MT6885, MT6889, MT6893, MT6895, MT6983, MT8791, MT8797

Affected Software Versions

Android 11.0, 12.0

CVE

CVE-2022-26465

Title

Improper input validation in audio ipi

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-20 Improper Input Validation

Description

In audio ipi, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6779, MT6781, MT6785, MT6853, MT6853T, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6889, MT6893, MT6895, MT6983, MT8512A, MT8518, MT8791, MT8797, MT8798

Affected Software Versions

Android 11.0, 12.0 and Yocto 3.1

CVE

CVE-2022-26466

Title

Integer overflow or wraparound in audio ipi

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-190 Integer Overflow or Wraparound

Description

In audio ipi, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6779, MT6781, MT6785, MT6853, MT6853T, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6889, MT6893, MT6895, MT6983, MT8512A, MT8518, MT8519_M1V1, MT8519_P1V1, MT8791, MT8797, MT8798

Affected Software Versions

Android 11.0, 12.0 and Yocto 3.1

CVE

CVE-2022-26467

Title

Improper input validation in rpmb

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-20 Improper Input Validation

Description

In rpmb, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6580, MT6735, MT6737, MT6739, MT6753, MT6761, MT6765, MT6768, MT6771, MT6779, MT6781, MT6785, MT6833, MT6853, MT6853T, MT6855, MT6873, MT6877, MT6879, MT6883, MT6885, MT6889, MT6893, MT6895, MT6983, MT8168, MT8183, MT8321, MT8365, MT8385, MT8666, MT8675, MT8765, MT8768, MT8786, MT8788, MT8797

Affected Software Versions

Android 11.0, 12.0

CVE

CVE-2022-26468

Title

Improper input validation in preloader (usb)

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-20 Improper Input Validation

Description

In preloader (usb), there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, for an attacker who has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation.

Affected Chipsets

MT6735, MT6739, MT6761, MT6763, MT6765, MT6768, MT6771, MT6779, MT6781, MT6785, MT6833, MT6853, MT6855, MT6873, MT6877, MT6879, MT6885, MT6893, MT6895, MT6983, MT8163, MT8167, MT8167S, MT8168, MT8173, MT8175, MT8183, MT8185, MT8321, MT8362A, MT8365, MT8385, MT8666, MT8667, MT8675, MT8735A, MT8735B, MT8765, MT8766, MT8768, MT8786, MT8788, MT8789, MT8797

Affected Software Versions

Android 11.0, 12.0

CVE

CVE-2022-26469

Title

Use of externally-controlled input to select classes or code (‘unsafe reflection’) in MtkEmail

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-470 Use of Externally-Controlled Input to Select Classes or Code (‘Unsafe Reflection’)

Description

In MtkEmail, there is a possible escalation of privilege due to fragment injection. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6580, MT6735, MT6737, MT6739, MT6761, MT6765, MT6768, MT6771, MT6779, MT6781, MT6785, MT6833, MT6853, MT6855, MT6873, MT6877, MT6879, MT6883, MT6885, MT6889, MT6895, MT6983, MT8167, MT8167S, MT8168, MT8173, MT8175, MT8185, MT8321, MT8362A, MT8365, MT8385, MT8666, MT8675, MT8765, MT8766, MT8768, MT8786, MT8788, MT8789, MT8791, MT8797

Affected Software Versions

Android 11.0, 12.0

CVE

CVE-2022-26470

Title

Improper input validation in aie

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-20 Improper Input Validation

Description

In aie, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6879, MT6895, MT6983, MT8321, MT8385, MT8765, MT8766, MT8768, MT8786, MT8788, MT8789

Affected Software Versions

Android 12.0

****Vulnerability Type Definition****

Abbreviation

Definition

RCE

Remote Code Execution

EoP

Elevation of Privilege

ID

Information Disclosure

DoS

Denial of Service

N/A

Classification not available

****Versions****

Version

Date

Description

1.0

September 5, 2022

Bulletin published.

****Notes****

Information above is generated only at the time of creation of this Security Bulletin. The list of affected chipsets could be not complete. For any further information, device OEMs can reach your MediaTek contact person if needed.

If you want to report a security vulnerability in MediaTek chipsets or products, please go to Report Security Vulnerability page on MediaTek website.