CVE-2022-20066: May 2022

May 2022 Product Security Bulletin

Published 2022-05-03

The MediaTek Product Security Bulletin contains details of security vulnerabilities affecting MediaTek Smartphone, Tablet, AIoT, Smart display, Smart platform, OTT and TV chipsets. Device OEMs have been notified of all the issues and the corresponding security patches for at least two months before publication.

The severity of the identified vulnerabilities was conducted based on the Common Vulnerability Scoring System version 3.1 (CVSS v3.1).

****Summary****

Severity

CVEs

High

CVE-2022-20084, CVE-2022-20109, CVE-2022-20110

Medium

CVE-2022-20085, CVE-2022-20087, CVE-2022-20088, CVE-2022-20089, CVE-2022-20090, CVE-2022-20091, CVE-2022-20092, CVE-2022-20093, CVE-2022-20094, CVE-2022-20095, CVE-2022-20096, CVE-2022-20097, CVE-2022-20098, CVE-2022-20099, CVE-2022-20100, CVE-2022-20101, CVE-2022-20102, CVE-2022-20103, CVE-2022-20104, CVE-2022-20066, CVE-2022-20105, CVE-2022-20106, CVE-2022-20107, CVE-2022-20108, CVE-2022-20111, CVE-2022-21743

****Details****

CVE

CVE-2022-20084

Title

Missing authorization in telephony

Severity

High

Vulnerability Type

EoP

CWE

CWE-862 Missing Authorization

Description

In telephony, there is a possible way to disable receiving emergency broadcasts due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6731, MT6732, MT6735, MT6737, MT6739, MT6750, MT6750S, MT6752, MT6753, MT6755, MT6755S, MT6757, MT6757C, MT6757CD, MT6757CH, MT6758, MT6761, MT6762, MT6763, MT6768, MT6771, MT6779, MT6781, MT6785, MT6789, MT6795, MT6797, MT6799, MT6833, MT6853, MT6853T, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6891, MT6893, MT6895, MT6983, MT6985, MT8321, MT8666, MT8667, MT8675, MT8765, MT8766, MT8768, MT8786, MT8788, MT8789, MT8791, MT8797

Affected Software Versions

Android 10.0, 11.0, 12.0

CVE

CVE-2022-20109

Title

Improper update of reference count in ion

Severity

High

Vulnerability Type

EoP

CWE

CWE-911 Improper Update of Reference Count

Description

In ion, there is a possible use after free due to improper update of reference count. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6580, MT6735, MT6737, MT6739, MT6750, MT6750S, MT6753, MT6757, MT6757C, MT6757CD, MT6757CH, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6797, MT6833, MT6853, MT6853T, MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6893, MT8167, MT8168, MT8173, MT8185, MT8321, MT8362A, MT8365, MT8385, MT8666, MT8675, MT8695, MT8696, MT8765, MT8766, MT8768, MT8786, MT8788, MT8789, MT8791, MT8797

Affected Software Versions

Android 9.0, 10.0, 11.0, 12.0

CVE

CVE-2022-20110

Title

Time-of-check time-of-use (toctou) race condition in ion

Severity

High

Vulnerability Type

EoP

CWE

CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition

Description

In ion, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6580, MT6735, MT6737, MT6739, MT6750, MT6750S, MT6753, MT6757, MT6757C, MT6757CD, MT6757CH, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6797, MT6833, MT6853, MT6853T, MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6893, MT8167, MT8168, MT8173, MT8185, MT8321, MT8362A, MT8365, MT8385, MT8666, MT8675, MT8695, MT8696, MT8765, MT8766, MT8768, MT8786, MT8788, MT8789, MT8791, MT8797

Affected Software Versions

Android 9.0, 10.0, 11.0, 12.0

CVE

CVE-2022-20085

Title

Unix symbolic link (symlink) following in netdiag

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-61 UNIX Symbolic Link (Symlink) Following

Description

In netdiag, there is a possible symbolic link following due to an improper link resolution. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6580, MT6731, MT6735, MT6750S, MT6753, MT6755S, MT6757, MT6757C, MT6757CD, MT6757CH, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6833, MT6853, MT6853T, MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8167, MT8167S, MT8168, MT8173, MT8175, MT8185, MT8321, MT8362A, MT8365, MT8385, MT8666, MT8675, MT8696, MT8765, MT8766, MT8768, MT8786, MT8788, MT8789, MT8791, MT8797

Affected Software Versions

Android 11.0, 12.0

CVE

CVE-2022-20087

Title

Improper input validation in ccu

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-20 Improper Input Validation

Description

In ccu, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6833, MT6853, MT6873, MT6877, MT6885, MT6893

Affected Software Versions

Android 11.0, 12.0

CVE

CVE-2022-20088

Title

Improper handling of exceptional conditions in aee driver

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-755 Improper Handling of Exceptional Conditions

Description

In aee driver, there is a possible reference count mistake due to incorrect error handling. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6580, MT6731, MT6739, MT6761, MT6762, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6833, MT6853, MT6853T, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6889, MT6891, MT6893, MT6895, MT6983, MT8163, MT8167, MT8168, MT8173, MT8185, MT8321, MT8362A, MT8365, MT8696, MT8735, MT8735B, MT8765, MT8766, MT8768, MT8786, MT8788, MT8789, MT8791, MT8797

Affected Software Versions

Android 11.0, 12.0

CVE

CVE-2022-20089

Title

Active debug code in aee driver

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-489 Active Debug Code

Description

In aee driver, there is a possible memory corruption due to active debug code. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6580, MT6731, MT6739, MT6761, MT6762, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6833, MT6853, MT6853T, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6889, MT6891, MT6893, MT6895, MT6983, MT8163, MT8167, MT8168, MT8173, MT8185, MT8321, MT8362A, MT8365, MT8695, MT8696, MT8735, MT8735B, MT8765, MT8766, MT8768, MT8786, MT8788, MT8789, MT8791, MT8797

Affected Software Versions

Android 11.0, 12.0

CVE

CVE-2022-20090

Title

Missing synchronization in aee driver

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-820 Missing Synchronization

Description

In aee driver, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6580, MT6731, MT6739, MT6761, MT6762, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6833, MT6853, MT6853T, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6889, MT6891, MT6893, MT6895, MT6983, MT8163, MT8167, MT8168, MT8173, MT8185, MT8321, MT8362A, MT8365, MT8696, MT8735, MT8735B, MT8765, MT8766, MT8768, MT8786, MT8788, MT8789, MT8791, MT8797

Affected Software Versions

Android 11.0, 12.0

CVE

CVE-2022-20091

Title

Concurrent execution using shared resource with improper synchronization (‘race condition’) in aee driver

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization (‘Race Condition’)

Description

In aee driver, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6580, MT6731, MT6739, MT6761, MT6762, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6833, MT6853, MT6853T, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6889, MT6891, MT6893, MT6895, MT6983, MT8163, MT8167, MT8168, MT8173, MT8185, MT8321, MT8362A, MT8365, MT8696, MT8735, MT8735B, MT8765, MT8766, MT8768, MT8786, MT8788, MT8789, MT8791, MT8797

Affected Software Versions

Android 11.0, 12.0

CVE

CVE-2022-20092

Title

Improper input validation in alac decoder

Severity

Medium

Vulnerability Type

ID

CWE

CWE-20 Improper Input Validation

Description

In alac decoder, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6761, MT6768, MT6779, MT6785, MT6833, MT6853, MT6853T, MT6873, MT6877, MT6879, MT6883, MT6885, MT6889, MT6893, MT6895, MT6983, MT8173, MT8175, MT8183, MT8185, MT8385, MT8791, MT8797

Affected Software Versions

Android 11.0, 12.0

CVE

CVE-2022-20093

Title

Missing authorization in telephony

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-862 Missing Authorization

Description

In telephony, there is a possible way to disable receiving SMS messages due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6731, MT6732, MT6735, MT6737, MT6739, MT6750, MT6750S, MT6752, MT6753, MT6755, MT6755S, MT6757, MT6757C, MT6757CD, MT6757CH, MT6758, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6789, MT6795, MT6797, MT6799, MT6833, MT6853, MT6853T, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6889, MT6891, MT6893, MT6895, MT6983, MT6985, MT8321, MT8666, MT8675, MT8765, MT8766, MT8768, MT8786, MT8788, MT8789, MT8791, MT8797

Affected Software Versions

Android 10.0, 11.0, 12.0

CVE

CVE-2022-20094

Title

Improper input validation in imgsensor

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-20 Improper Input Validation

Description

In imgsensor, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6771, MT6779, MT6781, MT6785, MT6833, MT6853, MT6873, MT6885, MT6893, MT8788, MT8797

Affected Software Versions

Android 11.0, 12.0

CVE

CVE-2022-20095

Title

Improper input validation in imgsensor

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-20 Improper Input Validation

Description

In imgsensor, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6771, MT6779, MT6781, MT6785, MT6833, MT6853, MT6873, MT6885, MT6893, MT8788, MT8797

Affected Software Versions

Android 11.0, 12.0

CVE

CVE-2022-20096

Title

Use of uninitialized variable in camera

Severity

Medium

Vulnerability Type

ID

CWE

CWE-457 Use of Uninitialized Variable

Description

In camera, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with System execution privileges needed. User interaction is no needed for exploitation.

Affected Chipsets

MT6765, MT6768, MT6769, MT8183, MT8185, MT8385, MT8666, MT8667, MT8768, MT8786, MT8788, MT8789

Affected Software Versions

Android 9.0, 10.0, 11.0, 12.0

CVE

CVE-2022-20097

Title

Time-of-check time-of-use (toctou) race condition in aee daemon

Severity

Medium

Vulnerability Type

ID

CWE

CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition

Description

In aee daemon, there is a possible information disclosure due to a race condition. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6580, MT6739, MT6761, MT6762, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6853T, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6889, MT6891, MT6893, MT6895, MT6983, MT8163, MT8167, MT8168, MT8173, MT8185, MT8321, MT8362A, MT8365, MT8735, MT8735B, MT8765, MT8766, MT8768, MT8786, MT8788, MT8789, MT8791, MT8797

Affected Software Versions

Android 11.0, 12.0

CVE

CVE-2022-20098

Title

Missing authorization in aee daemon

Severity

Medium

Vulnerability Type

ID

CWE

CWE-862 Missing Authorization

Description

In aee daemon, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6580, MT6739, MT6761, MT6762, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6853T, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6889, MT6891, MT6893, MT6895, MT6983, MT8163, MT8167, MT8168, MT8173, MT8185, MT8321, MT8362A, MT8365, MT8735, MT8735B, MT8765, MT8766, MT8768, MT8786, MT8788, MT8789, MT8791, MT8797

Affected Software Versions

Android 11.0, 12.0

CVE

CVE-2022-20099

Title

Improper input validation in aee daemon

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-20 Improper Input Validation

Description

In aee daemon, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6580, MT6739, MT6761, MT6762, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6853T, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6889, MT6891, MT6893, MT6895, MT6983, MT8163, MT8167, MT8168, MT8173, MT8185, MT8321, MT8362A, MT8365, MT8735, MT8735B, MT8765, MT8766, MT8768, MT8786, MT8788, MT8789, MT8791, MT8797

Affected Software Versions

Android 11.0, 12.0

CVE

CVE-2022-20100

Title

Missing authorization in aee daemon

Severity

Medium

Vulnerability Type

ID

CWE

CWE-862 Missing Authorization

Description

In aee daemon, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6580, MT6739, MT6761, MT6762, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6853T, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6889, MT6891, MT6893, MT6895, MT6983, MT8163, MT8167, MT8168, MT8173, MT8185, MT8321, MT8362A, MT8365, MT8735, MT8735B, MT8765, MT8766, MT8768, MT8786, MT8788, MT8789, MT8791, MT8797

Affected Software Versions

Android 11.0, 12.0

CVE

CVE-2022-20101

Title

Improper limitation of a pathname to a restricted directory (‘path traversal’) in aee daemon

Severity

Medium

Vulnerability Type

ID

CWE

CWE-22 Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’)

Description

In aee daemon, there is a possible information disclosure due to a path traversal. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6580, MT6739, MT6761, MT6762, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6853T, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6889, MT6891, MT6893, MT6895, MT6983, MT8163, MT8167, MT8168, MT8173, MT8185, MT8321, MT8362A, MT8365, MT8735, MT8735B, MT8765, MT8766, MT8768, MT8786, MT8788, MT8789, MT8791, MT8797

Affected Software Versions

Android 11.0, 12.0

CVE

CVE-2022-20102

Title

Missing authorization in aee daemon

Severity

Medium

Vulnerability Type

ID

CWE

CWE-862 Missing Authorization

Description

In aee daemon, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6580, MT6739, MT6761, MT6762, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6853T, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6889, MT6891, MT6893, MT6895, MT6983, MT8163, MT8167, MT8168, MT8173, MT8185, MT8321, MT8362A, MT8365, MT8735, MT8735B, MT8765, MT8766, MT8768, MT8786, MT8788, MT8789, MT8791, MT8797

Affected Software Versions

Android 11.0, 12.0

CVE

CVE-2022-20103

Title

Unix symbolic link (symlink) following in aee daemon

Severity

Medium

Vulnerability Type

ID

CWE

CWE-61 UNIX Symbolic Link (Symlink) Following

Description

In aee daemon, there is a possible information disclosure due to symbolic link following. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6580, MT6739, MT6761, MT6762, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6853T, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6889, MT6891, MT6893, MT6895, MT6983, MT8163, MT8167, MT8168, MT8173, MT8185, MT8321, MT8362A, MT8365, MT8735, MT8735B, MT8765, MT8766, MT8768, MT8786, MT8788, MT8789, MT8791, MT8797

Affected Software Versions

Android 11.0, 12.0

CVE

CVE-2022-20104

Title

Improper access control in aee daemon

Severity

Medium

Vulnerability Type

ID

CWE

CWE-284 Improper Access Control

Description

In aee daemon, there is a possible information disclosure due to improper access control. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6580, MT6739, MT6761, MT6762, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6853T, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6889, MT6891, MT6893, MT6895, MT6983, MT8163, MT8167, MT8168, MT8173, MT8185, MT8321, MT8362A, MT8365, MT8735, MT8735B, MT8765, MT8766, MT8768, MT8786, MT8788, MT8789, MT8791, MT8797

Affected Software Versions

Android 11.0, 12.0

CVE

CVE-2022-20066

Title

Improper handling of exceptional conditions in atf (hwfde)

Severity

Medium

Vulnerability Type

ID

CWE

CWE-755 Improper Handling of Exceptional Conditions

Description

In atf (hwfde), there is a possible leak of sensitive information due to incorrect error handling. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6580, MT6739, MT6761, MT6765, MT6769, MT6771, MT6785, MT6833, MT6873, MT6875, MT6877, MT6891, MT8168, MT8365, MT8666, MT8667, MT8696, MT8766, MT8768, MT8788

Affected Software Versions

Android 11.0, 12.0

CVE

CVE-2022-20105

Title

Stack-based buffer overflow in MM service

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-121 Stack-based Buffer Overflow

Description

In MM service, there is a possible out of bounds write due to a stack-based buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT9011, MT9215, MT9216, MT9220, MT9221, MT9255, MT9256, MT9266, MT9269, MT9285, MT9286, MT9288, MT9600, MT9602, MT9610, MT9611, MT9612, MT9613, MT9615, MT9617, MT9629, MT9630, MT9631, MT9632, MT9636, MT9638, MT9639, MT9650, MT9652, MT9666, MT9669, MT9670, MT9675, MT9685, MT9686, MT9688

Affected Software Versions

Android 9.0, 10.0, 11.0 or Linux Kernel 4.9, 4.19

CVE

CVE-2022-20106

Title

Heap-based buffer overflow in MM service

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-122 Heap-based Buffer Overflow

Description

In MM service, there is a possible out of bounds write due to a heap-based buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT9011, MT9215, MT9216, MT9220, MT9221, MT9255, MT9256, MT9266, MT9269, MT9285, MT9286, MT9288, MT9600, MT9602, MT9610, MT9611, MT9612, MT9613, MT9615, MT9617, MT9629, MT9630, MT9631, MT9632, MT9636, MT9638, MT9639, MT9650, MT9652, MT9666, MT9669, MT9670, MT9675, MT9685, MT9686, MT9688

Affected Software Versions

Android 9.0, 10.0, 11.0 or Linux Kernel 4.9, 4.19

CVE

CVE-2022-20107

Title

Integer overflow or wraparound in subtitle service

Severity

Medium

Vulnerability Type

DoS

CWE

CWE-190 Integer Overflow or Wraparound

Description

In subtitle service, there is a possible application crash due to an integer overflow. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT9011, MT9215, MT9216, MT9220, MT9221, MT9255, MT9256, MT9266, MT9269, MT9285, MT9286, MT9288, MT9600, MT9602, MT9610, MT9611, MT9612, MT9613, MT9615, MT9617, MT9629, MT9630, MT9631, MT9632, MT9636, MT9638, MT9639, MT9650, MT9652, MT9666, MT9669, MT9670, MT9675, MT9685, MT9686, MT9688

Affected Software Versions

Android 9.0, 10.0, 11.0 or Linux Kernel 4.9, 4.19

CVE

CVE-2022-20108

Title

Stack-based buffer overflow in voice service

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-121 Stack-based Buffer Overflow

Description

In voice service, there is a possible out of bounds write due to a stack-based buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT9011, MT9215, MT9216, MT9220, MT9221, MT9255, MT9256, MT9266, MT9269, MT9285, MT9286, MT9288, MT9600, MT9602, MT9610, MT9611, MT9612, MT9613, MT9615, MT9617, MT9629, MT9630, MT9631, MT9632, MT9636, MT9638, MT9639, MT9650, MT9652, MT9666, MT9669, MT9670, MT9675, MT9685, MT9686, MT9688

Affected Software Versions

Android 9.0, 10.0, 11.0 or Linux Kernel 4.9, 4.19

CVE

CVE-2022-20111

Title

Improper handling of exceptional conditions in ion

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-755 Improper Handling of Exceptional Conditions

Description

In ion, there is a possible use after free due to incorrect error handling. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6580, MT6735, MT6737, MT6739, MT6750, MT6750S, MT6753, MT6757, MT6757C, MT6757CD, MT6757CH, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6797, MT6833, MT6853, MT6853T, MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6893, MT8167, MT8168, MT8173, MT8185, MT8321, MT8362A, MT8365, MT8385, MT8666, MT8675, MT8695, MT8696, MT8765, MT8766, MT8768, MT8786, MT8788, MT8789, MT8791, MT8797

Affected Software Versions

Android 9.0, 10.0, 11.0, 12.0

CVE

CVE-2022-21743

Title

Integer overflow or wraparound in ion

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-190 Integer Overflow or Wraparound

Description

In ion, there is a possible use after free due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6580, MT6735, MT6737, MT6739, MT6750, MT6750S, MT6753, MT6757, MT6757C, MT6757CD, MT6757CH, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6797, MT6833, MT6853, MT6853T, MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6893, MT8167, MT8168, MT8173, MT8185, MT8321, MT8362A, MT8365, MT8385, MT8666, MT8675, MT8695, MT8696, MT8765, MT8766, MT8768, MT8786, MT8788, MT8789, MT8791, MT8797

Affected Software Versions

Android 9.0, 10.0, 11.0, 12.0

****Vulnerability Type Definition****

Abbreviation

Definition

RCE

Remote Code Execution

EoP

Elevation of Privilege

ID

Information Disclosure

DoS

Denial of Service

N/A

Classification not available

****Versions****

Version

Date

Description

1.0

May 3, 2022

Bulletin published.

****Notes****

Information above is generated only at the time of creation of this Security Bulletin. The list of affected chipsets could be not complete. For any further information, device OEMs can reach your MediaTek contact person if needed.

If you want to report a security vulnerability in MediaTek chipsets or products, please go to Report Security Vulnerability page on MediaTek website.