CVE-2022-32618: November 2022

November 2022 Product Security Bulletin

Published 2022-11-07

The MediaTek Product Security Bulletin contains details of security vulnerabilities affecting MediaTek Smartphone, Tablet, AIoT, Smart display, Smart platform and OTT chipsets. Device OEMs have been notified of all the issues and the corresponding security patches for at least two months before publication.

The severity of the identified vulnerabilities was conducted based on the Common Vulnerability Scoring System version 3.1 (CVSS v3.1).

****Summary****

Severity

CVEs

High

CVE-2022-32601, CVE-2022-32602

Medium

CVE-2022-26446, CVE-2022-21778, CVE-2022-32603, CVE-2022-32605, CVE-2022-32607, CVE-2022-32608, CVE-2022-32609, CVE-2022-32610, CVE-2022-32611, CVE-2022-32612, CVE-2022-32613, CVE-2022-32614, CVE-2022-32615, CVE-2022-32616, CVE-2022-32617, CVE-2022-32618

****Details****

CVE

CVE-2022-32601

Title

Deserialization of untrusted data in telephony

Severity

High

Vulnerability Type

EoP

CWE

CWE-502 Deserialization of Untrusted Data

Description

In telephony, there is a possible permission bypass due to a parcel format mismatch. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6739, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6889, MT6891, MT6893, MT6895, MT6983, MT8321, MT8385, MT8666, MT8675, MT8765, MT8766, MT8768, MT8786, MT8788, MT8789, MT8795T, MT8797, MT8798

Affected Software Versions

Android 10.0, 11.0, 12.0

CVE

CVE-2022-32602

Title

Improper input validation in keyinstall

Severity

High

Vulnerability Type

EoP

CWE

CWE-20 Improper Input Validation

Description

In keyinstall, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6833, MT6883, MT6983, MT8183, MT8185, MT8321, MT8385, MT8675, MT8765, MT8766, MT8768, MT8786, MT8789, MT8791, MT8791T, MT8797

Affected Software Versions

Android 11.0, 12.0

CVE

CVE-2022-26446

Title

Reachable assertion in Modem 4G RRC

Severity

Medium

Vulnerability Type

DoS

CWE

CWE-617 Reachable Assertion

Description

In Modem 4G RRC, there is a possible system crash due to improper input validation. This could lead to remote denial of service, when concatenating improper SIB12 (CMAS message), with no additional execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT2731, MT2735, MT6297, MT6725, MT6739, MT6761, MT6762, MT6762D, MT6762M, MT6763, MT6765, MT6765T, MT6767, MT6768, MT6769, MT6769T, MT6769Z, MT6771, MT6779, MT6781, MT6783, MT6785, MT6785T, MT6789, MT6833, MT6853, MT6855, MT6873, MT6875, MT6877, MT6879, MT6880, MT6883, MT6885, MT6889, MT6890, MT6891, MT6893, MT6895, MT6983, MT8385, MT8666, MT8667, MT8675, MT8765, MT8766, MT8768, MT8786, MT8788, MT8789, MT8791, MT8797

Affected Software Versions

Modem LR12A, LR13, NR15, NR16

CVE

CVE-2022-21778

Title

Improper input validation in vpu

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-20 Improper Input Validation

Description

In vpu, there is a possible information disclosure due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6771, MT6779, MT6785, MT6853, MT6853T, MT6873, MT6877, MT6885, MT6891, MT6893, MT8168, MT8175, MT8183, MT8365, MT8385, MT8788

Affected Software Versions

Android 10.0, 11.0, 12.0

CVE

CVE-2022-32603

Title

Improper input validation in gpu drm

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-20 Improper Input Validation

Description

In gpu drm, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6879, MT6893, MT6895, MT6985, MT8795T, MT8798

Affected Software Versions

Android 12.0

CVE

CVE-2022-32605

Title

Improper input validation in isp

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-20 Improper Input Validation

Description

In isp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6879, MT6895, MT6983

Affected Software Versions

Android 12.0

CVE

CVE-2022-32607

Title

Improper input validation in aee

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-20 Improper Input Validation

Description

In aee, there is a possible use after free due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6580, MT6739, MT6761, MT6762, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6853T, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6889, MT6891, MT6893, MT6895, MT6983, MT8167, MT8167S, MT8168, MT8173, MT8175, MT8362A, MT8365, MT8385, MT8666, MT8675, MT8696, MT8765, MT8766, MT8768, MT8786, MT8788, MT8791, MT8791T, MT8795T, MT8797, MT8871, MT8891

Affected Software Versions

Android 11.0, 12.0

CVE

CVE-2022-32608

Title

Time-of-check time-of-use (toctou) race condition in jpeg

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition

Description

In jpeg, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6893, MT6895

Affected Software Versions

Android 12.0

CVE

CVE-2022-32609

Title

Improper synchronization in vcu

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-662 Improper Synchronization

Description

In vcu, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6762, MT6768, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6889, MT6891, MT6893, MT6895, MT6983, MT8168, MT8185, MT8365, MT8696, MT8768, MT8786, MT8789, MT8791, MT8797, MT8798

Affected Software Versions

Android 11.0, 12.0, 13.0

CVE

CVE-2022-32610

Title

Improper synchronization in vcu

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-662 Improper Synchronization

Description

In vcu, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6762, MT6768, MT6769, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6889, MT6891, MT6893, MT6895, MT6983, MT8168, MT8185, MT8365, MT8696, MT8768, MT8786, MT8789, MT8791, MT8797, MT8798

Affected Software Versions

Android 11.0, 12.0, 13.0

CVE

CVE-2022-32611

Title

Improper input validation in isp

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-20 Improper Input Validation

Description

In isp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6879, MT6895, MT6983

Affected Software Versions

Android 11.0, 12.0

CVE

CVE-2022-32612

Title

Concurrent execution using shared resource with improper synchronization (‘race condition’) in vcu

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-662 Concurrent Execution using Shared Resource with Improper Synchronization (‘Race Condition’)

Description

In vcu, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6762, MT6768, MT6769, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6889, MT6891, MT6893, MT6895, MT6983, MT8168, MT8185, MT8365, MT8696, MT8768, MT8786, MT8789, MT8791, MT8797, MT8798

Affected Software Versions

Android 11.0, 12.0, 13.0

CVE

CVE-2022-32613

Title

Concurrent execution using shared resource with improper synchronization (‘race condition’) in vcu

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-662 Concurrent Execution using Shared Resource with Improper Synchronization (‘Race Condition’)

Description

In vcu, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6762, MT6768, MT6769, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6889, MT6891, MT6893, MT6895, MT6983, MT8168, MT8185, MT8365, MT8696, MT8768, MT8786, MT8789, MT8791, MT8797, MT8798

Affected Software Versions

Android 11.0, 12.0, 13.0

CVE

CVE-2022-32614

Title

Double free in audio

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-415 Double Free

Description

In audio, there is a possible memory corruption due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6789, MT6855, MT6879, MT6893, MT6983, MT8168, MT8365, MT8797, MT8798

Affected Software Versions

Android 12.0

CVE

CVE-2022-32615

Title

Improper input validation in ccd

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-20 Improper Input Validation

Description

In ccd, there is a possible out of bounds write due to uninitialized data. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6983, MT8871, MT8891

Affected Software Versions

Android 12.0

CVE

CVE-2022-32616

Title

Improper input validation in isp

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-20 Improper Input Validation

Description

In isp, there is a possible out of bounds write due to uninitialized data. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6983, MT8871, MT8891

Affected Software Versions

Android 12.0

CVE

CVE-2022-32617

Title

Incorrect calculation of buffer size in typec

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-131 Incorrect Calculation of Buffer Size

Description

In typec, there is a possible out of bounds write due to an incorrect calculation of buffer size. This could lead to local escalation of privilege, for an attacker who has physical access to the device, with no additional execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6789, MT6855, MT6895, MT6983, MT8798

Affected Software Versions

Android 11.0, 12.0, 13.0

CVE

CVE-2022-32618

Title

Incorrect calculation of buffer size in typec

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-131 Incorrect Calculation of Buffer Size

Description

In typec, there is a possible out of bounds write due to an incorrect calculation of buffer size. This could lead to local escalation of privilege, for an attacker who has physical access to the device, with no additional execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6833, MT6873, MT6893, MT8798

Affected Software Versions

Android 11.0, 12.0, 13.0

****Vulnerability Type Definition****

Abbreviation

Definition

RCE

Remote Code Execution

EoP

Elevation of Privilege

ID

Information Disclosure

DoS

Denial of Service

N/A

Classification not available

****Versions****

Version

Date

Description

1.0

November 7, 2022

Bulletin published.

****Notes****

Information above is generated only at the time of creation of this Security Bulletin. The list of affected chipsets could be not complete. For any further information, device OEMs can reach your MediaTek contact person if needed.

If you want to report a security vulnerability in MediaTek chipsets or products, please go to Report Security Vulnerability page on MediaTek website.