Headline
CVE-2022-21788: August 2022
In scp, there is a possible undefined behavior due to incorrect error handling. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06988728; Issue ID: ALPS06988728.
August 2022 Product Security Bulletin
Published 2022-08-01
The MediaTek Product Security Bulletin contains details of security vulnerabilities affecting MediaTek Smartphone, Tablet, AIoT, Smart display, Smart platform, OTT and NBIoT chipsets. Device OEMs were notified of all the issues and the corresponding security patches at least two months before publication.
The severity of the identified vulnerabilities was assessed based on the Common Vulnerability Scoring System version 3.1 (CVSS v3.1).

**Summary**

| Severity | CVEs |
| --- | --- |
| High | CVE-2022-26437 |
| Medium | CVE-2022-21789, CVE-2022-21790, CVE-2022-21791, CVE-2022-21792, CVE-2022-26426, CVE-2022-26427, CVE-2022-26428, CVE-2022-26429, CVE-2022-21788, CVE-2022-26430, CVE-2022-26431, CVE-2022-26432, CVE-2022-26433, CVE-2022-26434, CVE-2022-26435, CVE-2022-26436, CVE-2022-26438, CVE-2022-26439, CVE-2022-26440, CVE-2022-26441, CVE-2022-26442, CVE-2022-26443, CVE-2022-26444, CVE-2022-26445 |

**Details**

| CVE | CVE-2022-26437 |
| --- | --- |
| Title | Out-of-bounds write in httpclient |
| Severity | High |
| Vulnerability Type | EoP |
| CWE | CWE-787 Out-of-bounds Write |
| Description | In httpclient, there is a possible out of bounds write due to uninitialized data. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT2621, MT2625 |
| Affected Software Versions | NBIOT SDK V2.8.1 |

| CVE | CVE-2022-21789 |
| --- | --- |
| Title | Concurrent execution using shared resource with improper synchronization (‘race condition’) in audio ipi |
| Severity | Medium |
| Vulnerability Type | EoP |
| CWE | CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization (‘Race Condition’) |
| Description | In audio ipi, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT6779, MT6781, MT6785, MT6853, MT6853T, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6889, MT6891, MT6893, MT6895, MT6983, MT6985, MT8791, MT8797, MT8798 |
| Affected Software Versions | Android 11.0, 12.0 |

| CVE | CVE-2022-21790 |
| --- | --- |
| Title | Improper input validation in camera isp |
| Severity | Medium |
| Vulnerability Type | ID |
| CWE | CWE-20 Improper Input Validation |
| Description | In camera isp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT6833, MT6853, MT6873, MT6877, MT6893 |
| Affected Software Versions | Android 11.0, 12.0 |

| CVE | CVE-2022-21791 |
| --- | --- |
| Title | Improper input validation in camera isp |
| Severity | Medium |
| Vulnerability Type | ID |
| CWE | CWE-20 Improper Input Validation |
| Description | In camera isp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT6833, MT6853, MT6873, MT6877, MT6885, MT6893 |
| Affected Software Versions | Android 11.0, 12.0 |

| CVE | CVE-2022-21792 |
| --- | --- |
| Title | Improper input validation in camera isp |
| Severity | Medium |
| Vulnerability Type | EoP |
| CWE | CWE-20 Improper Input Validation |
| Description | In camera isp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT6833, MT6853, MT6853T, MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6893 |
| Affected Software Versions | Android 11.0, 12.0 |

| CVE | CVE-2022-26426 |
| --- | --- |
| Title | Improper input validation in camera isp |
| Severity | Medium |
| Vulnerability Type | EoP |
| CWE | CWE-20 Improper Input Validation |
| Description | In camera isp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT6833, MT6853, MT6873, MT6877, MT6893, MT8167, MT8167S, MT8168, MT8175, MT8185, MT8362A, MT8365, MT8385, MT8666, MT8675, MT8765, MT8786, MT8788, MT8789, MT8791, MT8797 |
| Affected Software Versions | Android 11.0, 12.0 |

| CVE | CVE-2022-26427 |
| --- | --- |
| Title | Improper input validation in camera isp |
| Severity | Medium |
| Vulnerability Type | EoP |
| CWE | CWE-20 Improper Input Validation |
| Description | In camera isp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT6833, MT6853, MT6873, MT6877, MT6893 |
| Affected Software Versions | Android 11.0, 12.0 |

| CVE | CVE-2022-26428 |
| --- | --- |
| Title | Concurrent execution using shared resource with improper synchronization (‘race condition’) in video codec |
| Severity | Medium |
| Vulnerability Type | EoP |
| CWE | CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization (‘Race Condition’) |
| Description | In video codec, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT6739, MT6761, MT6765, MT6771, MT8163, MT8167, MT8173, MT8183, MT8362A, MT8385, MT8695 |
| Affected Software Versions | Android 11.0, 12.0 |

| CVE | CVE-2022-26429 |
| --- | --- |
| Title | Improper access control in cta |
| Severity | Medium |
| Vulnerability Type | EoP |
| CWE | CWE-284 Improper Access Control |
| Description | In cta, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT6580, MT6735, MT6739, MT6757, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6833, MT6853, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6889, MT6893, MT6895, MT6983, MT8168, MT8173, MT8185, MT8321, MT8365, MT8385, MT8765, MT8766, MT8768, MT8786, MT8788, MT8789, MT8791, MT8797 |
| Affected Software Versions | Android 11.0, 12.0 |

| CVE | CVE-2022-21788 |
| --- | --- |
| Title | Detection of error condition without action in scp |
| Severity | Medium |
| Vulnerability Type | EoP |
| CWE | CWE-390 Detection of Error Condition Without Action |
| Description | In scp, there is a possible undefined behavior due to incorrect error handling. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT6879, MT6895, MT6983 |
| Affected Software Versions | Android 12.0 |

| CVE | CVE-2022-26430 |
| --- | --- |
| Title | Access of resource using incompatible type (‘type confusion’) in mailbox |
| Severity | Medium |
| Vulnerability Type | EoP |
| CWE | CWE-843 Access of Resource Using Incompatible Type (‘Type Confusion’) |
| Description | In mailbox, there is a possible out of bounds write due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT6833, MT6853, MT6873, MT6877, MT6879, MT6885, MT6893, MT6895, MT6983, MT8185, MT8321, MT8385, MT8532, MT8666, MT8675, MT8765, MT8766, MT8768, MT8786, MT8788, MT8789, MT8791, MT8797 |
| Affected Software Versions | Android 11.0, 12.0 or Yocto 3.1, 3.3 |

| CVE | CVE-2022-26431 |
| --- | --- |
| Title | Improper input validation in mailbox |
| Severity | Medium |
| Vulnerability Type | EoP |
| CWE | CWE-20 Improper Input Validation |
| Description | In mailbox, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT6833, MT6853, MT6873, MT6877, MT6879, MT6885, MT6893, MT6895, MT6983, MT8185, MT8321, MT8385, MT8532, MT8666, MT8675, MT8765, MT8766, MT8768, MT8786, MT8788, MT8789, MT8791, MT8797 |
| Affected Software Versions | Android 11.0, 12.0 or Yocto 3.1, 3.3 |

| CVE | CVE-2022-26432 |
| --- | --- |
| Title | Improper input validation in mailbox |
| Severity | Medium |
| Vulnerability Type | EoP |
| CWE | CWE-20 Improper Input Validation |
| Description | In mailbox, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT6833, MT6853, MT6873, MT6877, MT6879, MT6885, MT6893, MT6895, MT6983, MT8185, MT8321, MT8385, MT8532, MT8666, MT8675, MT8765, MT8766, MT8768, MT8786, MT8788, MT8789, MT8791, MT8797 |
| Affected Software Versions | Android 11.0, 12.0 or Yocto 3.1, 3.3 |

| CVE | CVE-2022-26433 |
| --- | --- |
| Title | Access of resource using incompatible type (‘type confusion’) in mailbox |
| Severity | Medium |
| Vulnerability Type | EoP |
| CWE | CWE-843 Access of Resource Using Incompatible Type (‘Type Confusion’) |
| Description | In mailbox, there is a possible out of bounds write due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT6833, MT6853, MT6873, MT6877, MT6879, MT6885, MT6893, MT6895, MT6983, MT8167, MT8167S, MT8168, MT8173, MT8175, MT8185, MT8321, MT8362A, MT8365, MT8385, MT8532, MT8666, MT8675, MT8765, MT8766, MT8768, MT8786, MT8788, MT8789, MT8791, MT8797 |
| Affected Software Versions | Android 11.0, 12.0 or Yocto 3.1, 3.3 |

| CVE | CVE-2022-26434 |
| --- | --- |
| Title | Improper input validation in mailbox |
| Severity | Medium |
| Vulnerability Type | EoP |
| CWE | CWE-20 Improper Input Validation |
| Description | In mailbox, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT6833, MT6853, MT6873, MT6877, MT6879, MT6885, MT6893, MT6895, MT6983, MT8167, MT8167S, MT8168, MT8173, MT8175, MT8185, MT8321, MT8362A, MT8365, MT8385, MT8532, MT8666, MT8675, MT8765, MT8766, MT8768, MT8786, MT8788, MT8789, MT8791, MT8797 |
| Affected Software Versions | Android 11.0, 12.0 or Yocto 3.1, 3.3 |

| CVE | CVE-2022-26435 |
| --- | --- |
| Title | Access of resource using incompatible type (‘type confusion’) in mailbox |
| Severity | Medium |
| Vulnerability Type | EoP |
| CWE | CWE-843 Access of Resource Using Incompatible Type (‘Type Confusion’) |
| Description | In mailbox, there is a possible out of bounds write due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT6833, MT6853, MT6873, MT6877, MT6879, MT6885, MT6893, MT6895, MT6983, MT8167, MT8167S, MT8168, MT8173, MT8175, MT8185, MT8321, MT8362A, MT8365, MT8385, MT8532, MT8666, MT8675, MT8765, MT8766, MT8768, MT8786, MT8788, MT8789, MT8791, MT8797 |
| Affected Software Versions | Android 11.0, 12.0 or Yocto 3.1, 3.3 |

| CVE | CVE-2022-26436 |
| --- | --- |
| Title | Improper input validation in emi mpu |
| Severity | Medium |
| Vulnerability Type | ID |
| CWE | CWE-20 Improper Input Validation |
| Description | In emi mpu, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT6855, MT6879, MT6895, MT6983 |
| Affected Software Versions | Android 12.0 |

| CVE | CVE-2022-26438 |
| --- | --- |
| Title | Improper input validation in wifi driver |
| Severity | Medium |
| Vulnerability Type | EoP |
| CWE | CWE-20 Improper Input Validation |
| Description | In wifi driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT7603, MT7610, MT7612, MT7613, MT7615, MT7620, MT7622, MT7628, MT7629, MT7915, MT7916, MT7986, MT8981 |
| Affected Software Versions | 7.6.2.3 |

| CVE | CVE-2022-26439 |
| --- | --- |
| Title | Improper input validation in wifi driver |
| Severity | Medium |
| Vulnerability Type | EoP |
| CWE | CWE-20 Improper Input Validation |
| Description | In wifi driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT7603, MT7610, MT7612, MT7613, MT7615, MT7620, MT7622, MT7628, MT7629, MT7915, MT7916, MT7986, MT8981 |
| Affected Software Versions | 7.6.2.3 |

| CVE | CVE-2022-26440 |
| --- | --- |
| Title | Improper input validation in wifi driver |
| Severity | Medium |
| Vulnerability Type | EoP |
| CWE | CWE-20 Improper Input Validation |
| Description | In wifi driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT7603, MT7610, MT7612, MT7613, MT7615, MT7620, MT7622, MT7628, MT7629, MT7915, MT7916, MT7986, MT8981 |
| Affected Software Versions | 7.6.2.3 |

| CVE | CVE-2022-26441 |
| --- | --- |
| Title | Improper input validation in wifi driver |
| Severity | Medium |
| Vulnerability Type | EoP |
| CWE | CWE-20 Improper Input Validation |
| Description | In wifi driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT7603, MT7610, MT7612, MT7613, MT7615, MT7620, MT7622, MT7628, MT7629, MT7915, MT7916, MT7986, MT8981 |
| Affected Software Versions | 7.6.2.3 |

| CVE | CVE-2022-26442 |
| --- | --- |
| Title | Improper input validation in wifi driver |
| Severity | Medium |
| Vulnerability Type | EoP |
| CWE | CWE-20 Improper Input Validation |
| Description | In wifi driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT7603, MT7610, MT7612, MT7613, MT7615, MT7620, MT7622, MT7628, MT7629, MT7915, MT7916, MT7986, MT8981 |
| Affected Software Versions | 7.6.2.3 |

| CVE | CVE-2022-26443 |
| --- | --- |
| Title | Improper input validation in wifi driver |
| Severity | Medium |
| Vulnerability Type | EoP |
| CWE | CWE-20 Improper Input Validation |
| Description | In wifi driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT7603, MT7610, MT7612, MT7613, MT7615, MT7620, MT7622, MT7628, MT7629, MT7915, MT7916, MT7986, MT8981 |
| Affected Software Versions | 7.6.2.3 |

| CVE | CVE-2022-26444 |
| --- | --- |
| Title | Improper input validation in wifi driver |
| Severity | Medium |
| Vulnerability Type | EoP |
| CWE | CWE-20 Improper Input Validation |
| Description | In wifi driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT7603, MT7610, MT7612, MT7613, MT7615, MT7620, MT7622, MT7628, MT7629, MT7915, MT7916, MT7986, MT8981 |
| Affected Software Versions | 7.6.2.3 |

| CVE | CVE-2022-26445 |
| --- | --- |
| Title | Improper input validation in wifi driver |
| Severity | Medium |
| Vulnerability Type | EoP |
| CWE | CWE-20 Improper Input Validation |
| Description | In wifi driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT7603, MT7610, MT7612, MT7613, MT7615, MT7620, MT7622, MT7628, MT7629, MT7915, MT7916, MT7986, MT8981 |
| Affected Software Versions | 7.6.2.3 |

**Vulnerability Type Definition**

| Abbreviation | Definition |
| --- | --- |
| RCE | Remote Code Execution |
| EoP | Elevation of Privilege |
| ID | Information Disclosure |
| DoS | Denial of Service |
| N/A | Classification not available |

**Versions**

| Version | Date | Description |
| --- | --- | --- |
| 1.0 | August 1, 2022 | Bulletin published. |

**Notes**

The information above reflects what was known when this Security Bulletin was created. The list of affected chipsets may not be complete. For further information, device OEMs can reach their MediaTek contact person if needed.
If you want to report a security vulnerability in MediaTek chipsets or products, please go to the Report Security Vulnerability page on the MediaTek website.