CVE-2022-32665: January 2023

January 2023 Product Security Bulletin

Published 2023-01-03

The MediaTek Product Security Bulletin contains details of security vulnerabilities affecting MediaTek Smartphone, Tablet, AIoT, Smart display, Smart platform, OTT and Wi-Fi chipsets. Device OEMs have been notified of all the issues and the corresponding security patches for at least two months before publication.

The severity of the identified vulnerabilities was conducted based on the Common Vulnerability Scoring System version 3.1 (CVSS v3.1).

****Summary****

Severity

CVEs

High

CVE-2022-32635, CVE-2022-32636, CVE-2022-32637

Medium

CVE-2022-32638, CVE-2022-32639, CVE-2022-32640, CVE-2022-32641, CVE-2022-32644, CVE-2022-32645, CVE-2022-32646, CVE-2022-32647, CVE-2022-32648, CVE-2022-32649, CVE-2022-32650, CVE-2022-32651, CVE-2022-32652, CVE-2022-32653, CVE-2022-32623, CVE-2022-32657, CVE-2022-32658, CVE-2022-32659, CVE-2022-32664, CVE-2022-32665

****Details****

CVE

CVE-2022-32635

Title

Improper input validation in gps

Severity

High

Vulnerability Type

EoP

CWE

CWE-20 Improper Input Validation

Description

In gps, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6580, MT6735, MT6739, MT6753, MT6757, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6891, MT6893, MT6895, MT6983, MT8167, MT8168, MT8173, MT8185, MT8321, MT8362A, MT8365, MT8385, MT8666, MT8667, MT8675, MT8765, MT8766, MT8768, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8797

Affected Software Versions

Android 10.0, 11.0, 12.0, 13.0

CVE

CVE-2022-32636

Title

Improper input validation in keyinstall

Severity

High

Vulnerability Type

EoP

CWE

CWE-20 Improper Input Validation

Description

In keyinstall, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6580, MT6731, MT6735, MT6737, MT6739, MT6753, MT6757, MT6757C, MT6757CD, MT6757CH, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6889, MT6891, MT6893, MT6895, MT6983, MT8185, MT8321, MT8385, MT8666, MT8667, MT8765, MT8766, MT8768, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8797

Affected Software Versions

Android 10.0, 11.0, 12.0, 13.0

CVE

CVE-2022-32637

Title

Improper input validation in hevc decoder

Severity

High

Vulnerability Type

EoP

CWE

CWE-20 Improper Input Validation

Description

In hevc decoder, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6781, MT6785, MT6833, MT6853, MT6853T, MT6873, MT6883, MT6885, MT6889, MT8185, MT8789

Affected Software Versions

Android 10.0, 11.0

CVE

CVE-2022-32638

Title

Time-of-check time-of-use (toctou) race condition in isp

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition

Description

In isp, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6781, MT6833, MT6853, MT6855, MT6873, MT6877, MT6885, MT6893, MT8167, MT8167S, MT8168, MT8173, MT8175, MT8185, MT8321, MT8362A, MT8365, MT8385, MT8666, MT8675, MT8765, MT8766, MT8768, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8797

Affected Software Versions

Android 11.0, 12.0, 13.0

CVE

CVE-2022-32639

Title

Exposure of sensitive information to an unauthorized actor in watchdog

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

Description

In watchdog, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6739, MT6768, MT6771, MT6781, MT6785, MT6833, MT6853, MT6873, MT6877, MT8167, MT8167S, MT8362A, MT8385, MT8518S, MT8532, MT8765, MT8786, MT8791

Affected Software Versions

Android 11.0, 12.0

CVE

CVE-2022-32640

Title

Improper input validation in meta wifi

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-20 Improper Input Validation

Description

In meta wifi, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6580, MT6731, MT6735, MT6737, MT6739, MT6753, MT6757, MT6757C, MT6757CD, MT6757CH, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6889, MT6891, MT6893, MT6895, MT6983, MT8167, MT8168, MT8173, MT8185, MT8321, MT8362A, MT8365, MT8385, MT8666, MT8675, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8797

Affected Software Versions

Android 11.0, 12.0

CVE

CVE-2022-32641

Title

Improper input validation in meta wifi

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-20 Improper Input Validation

Description

In meta wifi, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6580, MT6731, MT6735, MT6737, MT6739, MT6753, MT6757, MT6757C, MT6757CD, MT6757CH, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6889, MT6891, MT6893, MT6895, MT6983, MT8167, MT8168, MT8173, MT8185, MT8321, MT8362A, MT8365, MT8385, MT8666, MT8675, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8797

Affected Software Versions

Android 11.0, 12.0, 13.0

CVE

CVE-2022-32644

Title

Improper synchronization in vow

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-662 Improper Synchronization

Description

In vow, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6789, MT6833, MT6853, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6891, MT6893, MT6895, MT6983, MT8781, MT8791, MT8791T, MT8797

Affected Software Versions

Android 11.0, 12.0, 13.0

CVE

CVE-2022-32645

Title

Improper synchronization in vow

Severity

Medium

Vulnerability Type

ID

CWE

CWE-662 Improper Synchronization

Description

In vow, there is a possible information disclosure due to a race condition. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6789, MT6833, MT6853, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6891, MT6893, MT6895, MT6983, MT8781, MT8791, MT8791T, MT8797

Affected Software Versions

Android 11.0, 12.0, 13.0

CVE

CVE-2022-32646

Title

Improper input validation in gpu drm

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-20 Improper Input Validation

Description

In gpu drm, there is a possible stack overflow due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6761, MT6765, MT6768, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6855, MT6873, MT6877, MT6879, MT6883, MT6885, MT6889, MT6893, MT6895, MT6983, MT8675, MT8766, MT8781, MT8791

Affected Software Versions

Android 11.0, 12.0, 13.0

CVE

CVE-2022-32647

Title

Improper input validation in ccu

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-20 Improper Input Validation

Description

In ccu, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6879, MT6895, MT6983

Affected Software Versions

Android 12.0, 13.0

CVE

CVE-2022-32648

Title

Improper synchronization in disp

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-662 Improper Synchronization

Description

In disp, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6735, MT6737, MT6739, MT6753, MT6757, MT6761, MT6763, MT6765, MT6768, MT6771, MT6779, MT6785, MT6789

Affected Software Versions

Android 11.0, 12.0

CVE

CVE-2022-32649

Title

Incorrect calculation of buffer size in jpeg

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-131 Incorrect Calculation of Buffer Size

Description

In jpeg, there is a possible use after free due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6895, MT6983

Affected Software Versions

Android 12.0

CVE

CVE-2022-32650

Title

Incorrect calculation of buffer size in isp

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-131 Incorrect Calculation of Buffer Size

Description

In mtk-isp, there is a possible use after free due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6879, MT6895, MT6983

Affected Software Versions

Android 12.0, 13.0

CVE

CVE-2022-32651

Title

Incorrect calculation of buffer size in mtk-aie

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-131 Incorrect Calculation of Buffer Size

Description

In mtk-aie, there is a possible use after free due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6879, MT6983

Affected Software Versions

Android 12.0

CVE

CVE-2022-32652

Title

Improper input validation in isp

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-20 Improper Input Validation

Description

In mtk-aie, there is a possible use after free due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6833, MT6853, MT6877, MT6893, MT8791

Affected Software Versions

Android 11.0, 12.0, 13.0

CVE

CVE-2022-32653

Title

Improper input validation in isp

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-20 Improper Input Validation

Description

In mtk-aie, there is a possible use after free due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6789, MT6855, MT6879, MT6983, MT8781

Affected Software Versions

Android 12.0, 13.0

CVE

CVE-2022-32623

Title

Improper check or handling of exceptional conditions in mdp

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-703 Improper Check or Handling of Exceptional Conditions

Description

In mdp, there is a possible out of bounds write due to incorrect error handling. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6789, MT6855, MT6879, MT6895, MT6983, MT8168, MT8365, MT8781

Affected Software Versions

Android 12.0

CVE

CVE-2022-32657

Title

Improper input validation in Wi-Fi driver

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-20 Improper Input Validation

Description

In Wi-Fi driver, there is a possible undefined behavior due to incorrect error handling. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT7603, MT7613, MT7615, MT7622, MT7628, MT7629, MT7915, MT7916, MT7981, MT7986

Affected Software Versions

7.6.6.0

CVE

CVE-2022-32658

Title

Improper input validation in Wi-Fi driver

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-20 Improper Input Validation

Description

In Wi-Fi driver, there is a possible undefined behavior due to incorrect error handling. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT7603, MT7613, MT7615, MT7622, MT7628, MT7629, MT7915, MT7916, MT7981, MT7986

Affected Software Versions

7.6.6.0

CVE

CVE-2022-32659

Title

Improper input validation in Wi-Fi driver

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-20 Improper Input Validation

Description

In Wi-Fi driver, there is a possible undefined behavior due to incorrect error handling. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT7603, MT7613, MT7615, MT7622, MT7628, MT7629, MT7915, MT7916, MT7981, MT7986, MT8518S, MT8532

Affected Software Versions

7.6.6.0, and Yocto 3.1, 3.3

CVE

CVE-2022-32664

Title

Improper input validation in Config Manager

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-20 Improper Input Validation

Description

In Config Manager, there is a possible command injection due to improper input validation. This could lead to remote escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.

Affected Chipsets

EN7516, EN7528, EN7529, EN7561, EN7562, EN7580

Affected Software Versions

Linux SDK versions less than TLM-7.3.293.0

CVE

CVE-2022-32665

Title

Improper input validation in Boa

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-20 Improper Input Validation

Description

In Boa, there is a possible command injection due to improper input validation. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

EN7528, EN7580

Affected Software Versions

Linux SDK versions less than TLB7.3.258.100-P1-1555

****Vulnerability Type Definition****

Abbreviation

Definition

RCE

Remote Code Execution

EoP

Elevation of Privilege

ID

Information Disclosure

DoS

Denial of Service

N/A

Classification not available

****Versions****

Version

Date

Description

1.0

January 3, 2023

Bulletin published.

****Notes****

Information above is generated only at the time of creation of this Security Bulletin. The list of affected chipsets could be not complete. For any further information, device OEMs can reach your MediaTek contact person if needed.

If you want to report a security vulnerability in MediaTek chipsets or products, please go to Report Security Vulnerability page on MediaTek website.