In Bluetooth, there is a possible information disclosure due to incorrect error handling. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06108487; Issue ID: ALPS06108487.

**February 2022 Product Security Bulletin**

Published 2022-02-07

The MediaTek Product Security Bulletin contains details of security vulnerabilities affecting MediaTek Smartphone, Tablet, AIoT and Smart display chipsets. Device OEMs have been notified of all the issues and the corresponding security patches for at least two months before publication.

The severity of the identified vulnerabilities was conducted based on the Common Vulnerability Scoring System version 3.1 (CVSS v3.1).

****Summary****

Severity

**CVEs**

High

CVE-2022-20024, CVE-2022-20025, CVE-2022-20026, CVE-2022-20027, CVE-2022-20028

Medium

CVE-2022-20029, CVE-2022-20030, CVE-2022-20031, CVE-2022-20032, CVE-2022-20033, CVE-2022-20017, CVE-2022-20034, CVE-2022-20035, CVE-2022-20036, CVE-2022-20037, CVE-2022-20038, CVE-2022-20039, CVE-2022-20040, CVE-2022-20041, CVE-2022-20042, CVE-2022-20043, CVE-2022-20044, CVE-2022-20045, CVE-2022-20046

****Details****

CVE

**CVE-2022-20024**

Title

Improper input validation in system service

Severity

High

Vulnerability Type

EoP

CWE

CWE-20 Improper Input Validation

Description

In system service, there is a possible permission bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6580, MT6739, MT6750, MT6761, MT6762, MT6763, MT6765, MT6768, MT6771, MT6779, MT8167, MT8168, MT8173, MT8175, MT8185, MT8321, MT8362A, MT8365, MT8385, MT8765, MT8766, MT8768, MT8786, MT8788, MT8789, MT8791, MT8797

Affected Software Versions

Android 11.0, 12.0

CVE

**CVE-2022-20025**

Title

Stack-based buffer overflow in Bluetooth

Severity

High

Vulnerability Type

EoP

CWE

CWE-121 Stack-based Buffer Overflow

Description

In Bluetooth, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT8167, MT8175, MT8183, MT8362A, MT8365, MT8385

Affected Software Versions

Android 8.1, 9.0, 10.0, 11.0, 12.0

CVE

**CVE-2022-20026**

Title

Stack-based buffer overflow in Bluetooth

Severity

High

Vulnerability Type

EoP

CWE

CWE-122 Stack-based Buffer Overflow

Description

In Bluetooth, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT8167, MT8175, MT8183, MT8362A, MT8365, MT8385

Affected Software Versions

Android 8.1, 9.0, 10.0, 11.0, 12.0

CVE

**CVE-2022-20027**

Title

Stack-based buffer overflow in Bluetooth

Severity

High

Vulnerability Type

EoP

CWE

CWE-123 Stack-based Buffer Overflow

Description

In Bluetooth, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT8167, MT8175, MT8183, MT8362A, MT8365, MT8385

Affected Software Versions

Android 8.1, 9.0, 10.0, 11.0, 12.0

CVE

**CVE-2022-20028**

Title

Stack-based buffer overflow in Bluetooth

Severity

High

Vulnerability Type

EoP

CWE

CWE-123 Stack-based Buffer Overflow

Description

In Bluetooth, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT8167, MT8175, MT8183, MT8362A, MT8365, MT8385

Affected Software Versions

Android 8.1, 9.0, 10.0, 11.0, 12.0

CVE

**CVE-2022-20029**

Title

Out-of-bounds read in cmdq driver

Severity

Medium

Vulnerability Type

ID

CWE

CWE-125 Out-of-bounds Read

Description

In cmdq driver, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6785, MT6833, MT6853, MT6853T, MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8163, MT8167, MT8168, MT8173, MT8175, MT8183, MT8321, MT8362A, MT8365, MT8385, MT8735B, MT8765, MT8766, MT8768, MT8786, MT8788, MT8791, MT8797

Affected Software Versions

Android 10.0, 11.0, 12.0

CVE

**CVE-2022-20030**

Title

Stack-based buffer overflow in vow driver

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-121 Stack-based Buffer Overflow

Description

In vow driver, there is a possible out of bounds write due to a stack-based buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6781, MT6785, MT6833, MT6853, MT6853T, MT6873, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8185, MT8789, MT8791, MT8797

Affected Software Versions

Android 10.0, 11.0, 12.0

CVE

**CVE-2022-20031**

Title

Use after free in fb driver

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-416 Use After Free

Description

In fb driver, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6580, MT6582E, MT6582H, MT6582T, MT6582W, MT6582\_90, MT6589, MT6589TD, MT6592E, MT6592H, MT6592T, MT6592W, MT6592\_90, MT6595, MT6731, MT6732, MT6735, MT6737, MT6739, MT6750, MT6750S, MT6752, MT6753, MT6755, MT6755S, MT6757, MT6757C, MT6757CD, MT6757CH, MT6758, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6795, MT6797, MT6799, MT6833, MT6853, MT6853T, MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893

Affected Software Versions

Android 10.0, 11.0

CVE

**CVE-2022-20032**

Title

Out-of-bounds read in vow driver

Severity

Medium

Vulnerability Type

ID

CWE

CWE-125 Out-of-bounds Read

Description

In vow driver, there is a possible memory corruption due to a race condition. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6781, MT6785, MT6833, MT6853, MT6853T, MT6873, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8185, MT8789, MT8791, MT8797

Affected Software Versions

Android 10.0, 11.0, 12.0

CVE

**CVE-2022-20033**

Title

Out-of-bounds read in camera driver

Severity

Medium

Vulnerability Type

ID

CWE

CWE-125 Out-of-bounds Read

Description

In camera driver, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6739, MT6761, MT6765, MT6768, MT6771, MT6779, MT6781, MT6833, MT6853, MT6853T, MT6873, MT6877, MT6883, MT6885, MT6889, MT6893, MT8167, MT8168, MT8173, MT8362A, MT8365

Affected Software Versions

Android 11.0, 12.0

CVE

**CVE-2022-20017**

Title

Exposure of sensitive information to an unauthorized actor in ion driver

Severity

Medium

Vulnerability Type

ID

CWE

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

Description

In ion driver, there is a possible information disclosure due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6765, MT6785, MT6833, MT6853, MT6873, MT6877, MT6885, MT6893, MT8167, MT8168, MT8173, MT8175, MT8185, MT8321, MT8362A, MT8365, MT8385, MT8765, MT8766, MT8768, MT8786, MT8788, MT8789, MT8791, MT8797

Affected Software Versions

Android 10.0, 11.0, 12.0

CVE

**CVE-2022-20034**

Title

Improper authentication in Preloader XFLASH

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-287 Improper Authentication

Description

In Preloader XFLASH, there is a possible escalation of privilege due to an improper certificate validation. This could lead to local escalation of privilege for an attacker who has physical access to the device with no additional execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6580, MT6735, MT6739, MT6761, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6799, MT6833, MT6853, MT6873, MT6875, MT6877, MT6885, MT6891, MT6893

Affected Software Versions

Android 11.0

CVE

**CVE-2022-20035**

Title

Use after free in vcu driver

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-416 Use After Free

Description

In vcu driver, there is a possible information disclosure due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6768, MT6769, MT6779, MT6781, MT6785, MT6833, MT6853, MT6853T, MT6873, MT6877, MT6885, MT6890, MT6891, MT6893, MT8167, MT8168, MT8173, MT8175, MT8185, MT8321, MT8362A, MT8365, MT8385, MT8765, MT8766, MT8768, MT8786, MT8788, MT8789, MT8791, MT8797

Affected Software Versions

Android 10.0, 11.0

CVE

**CVE-2022-20036**

Title

Exposure of sensitive information to an unauthorized actor in ion driver

Severity

Medium

Vulnerability Type

ID

CWE

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

Description

In ion driver, there is a possible information disclosure due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6735, MT6737, MT6739, MT6750, MT6750S, MT6753, MT6755, MT6755S, MT6757, MT6757C, MT6757CD, MT6757CH, MT6758, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6795, MT6797, MT6799, MT6833, MT6853, MT6853T, MT6873, MT6875, MT6877, MT6880, MT6883, MT6885, MT6889, MT6890, MT6891, MT6893, MT8167, MT8168, MT8173, MT8175, MT8185, MT8321, MT8362A, MT8365, MT8385, MT8765, MT8766, MT8768, MT8786, MT8788, MT8789, MT8791

Affected Software Versions

Android 10.0, 11.0

CVE

**CVE-2022-20037**

Title

Exposure of sensitive information to an unauthorized actor in ion driver

Severity

Medium

Vulnerability Type

ID

CWE

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

Description

In ion driver, there is a possible information disclosure due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6735, MT6737, MT6739, MT6750, MT6750S, MT6753, MT6755, MT6755S, MT6757, MT6757C, MT6757CD, MT6757CH, MT6758, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6795, MT6797, MT6799, MT6833, MT6853, MT6853T, MT6873, MT6875, MT6877, MT6880, MT6883, MT6885, MT6889, MT6890, MT6891, MT6893, MT8167, MT8168, MT8173, MT8175, MT8185, MT8321, MT8362A, MT8365, MT8385, MT8765, MT8766, MT8768, MT8786, MT8788, MT8789, MT8791, MT8797

Affected Software Versions

Android 10.0, 11.0

CVE

**CVE-2022-20038**

Title

Improper restriction of operations within the bounds of a memory buffer in ccu driver

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

Description

In ccu driver, there is a possible memory corruption due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6833, MT6853, MT6873, MT6877, MT6885, MT6893, MT8791, MT8797

Affected Software Versions

Android 11.0

CVE

**CVE-2022-20039**

Title

Integer overflow or wraparound in ccu driver

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-190 Integer Overflow or Wraparound

Description

In ccu driver, there is a possible memory corruption due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6833, MT6853, MT6873, MT6877, MT6883, MT6893, MT8791, MT8797

Affected Software Versions

Android 11.0

CVE

**CVE-2022-20040**

Title

Stack-based buffer overflow in power\_hal\_manager\_service

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-121 Stack-based Buffer Overflow

Description

In power\_hal\_manager\_service, there is a possible permission bypass due to a stack-based buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6735, MT6737, MT6739, MT6755, MT6757, MT6761, MT6771, MT6779, MT6785, MT6833, MT6853, MT6873, MT6875, MT6877, MT6880, MT6883, MT6885, MT6889, MT6890, MT6891, MT6893, MT8167, MT8168, MT8173, MT8175, MT8185, MT8321, MT8362A, MT8365, MT8385, MT8765, MT8766, MT8768, MT8786, MT8788, MT8789, MT8791, MT8797

Affected Software Versions

Android 11.0, 12.0

CVE

**CVE-2022-20041**

Title

Improper privilege management in Bluetooth

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-269 Improper Privilege Management

Description

In Bluetooth, there is a possible escalation of privilege due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT8167, MT8175, MT8183, MT8362A, MT8365, MT8385

Affected Software Versions

Android 8.1, 9.0, 10.0, 11.0, 12.0

CVE

**CVE-2022-20042**

Title

Exposure of sensitive information to an unauthorized actor in Bluetooth

Severity

Medium

Vulnerability Type

ID

CWE

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

Description

In Bluetooth, there is a possible information disclosure due to incorrect error handling. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT8167, MT8175, MT8183, MT8362A, MT8365, MT8385

Affected Software Versions

Android 8.1, 9.0, 10.0, 11.0, 12.0

CVE

**CVE-2022-20043**

Title

Improper privilege management in Bluetooth

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-269 Improper Privilege Management

Description

In Bluetooth, there is a possible escalation of privilege due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT8167, MT8175, MT8183, MT8362A, MT8365, MT8385

Affected Software Versions

Android 8.1, 9.0, 10.0, 11.0, 12.0

CVE

**CVE-2022-20044**

Title

Use after free in Bluetooth

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-416 Use After Free

Description

In Bluetooth, there is a possible service crash due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT8167, MT8175, MT8183, MT8362A, MT8365, MT8385

Affected Software Versions

Android 8.1, 9.0, 10.0, 11.0, 12.0

CVE

**CVE-2022-20045**

Title

Use after free in Bluetooth

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-416 Use After Free

Description

In Bluetooth, there is a possible service crash due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT8167, MT8175, MT8183, MT8362A, MT8365, MT8385

Affected Software Versions

Android 8.1, 9.0, 10.0, 11.0, 12.0

CVE

**CVE-2022-20046**

Title

Missing release of memory after effective lifetime in Bluetooth

Severity

Medium

Vulnerability Type

DoS

CWE

CWE-401 Missing Release of Memory after Effective Lifetime

Description

In Bluetooth, there is a possible memory corruption due to a logic error. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT8167, MT8175, MT8183, MT8362A, MT8365, MT8385

Affected Software Versions

Android 8.1, 9.0, 10.0, 11.0, 12.0

****Vulnerability Type Definition****

Abbreviation

**Definition**

RCE

Remote Code Execution

EoP

Elevation of Privilege

ID

Information Disclosure

DoS

Denial of Service

N/A

Classification not available

****Versions****

**Version**

**Date**

**Description**

1.0

February 7, 2022

Bulletin published.

****Notes****

Information above is generated only at the time of creation of this Security Bulletin. The list of affected chipsets could be not complete. For any further information, device OEMs can reach your MediaTek contact person if needed.

If you want to report a security vulnerability in MediaTek chipsets or products, please go to Report Security Vulnerability page on MediaTek website.

CVE-2022-20042: February 2022

There is an improper memory access permission configuration on ACPU.Successful exploitation of this vulnerability may cause out-of-bounds access.

HUAWEI is releasing monthly security updates for flagship models. This security update includes HUAWEI and third-party library patches:

This security update includes the following third-party library patches:

This security update includes the CVE announced in the January 2022 Android security bulletin:

Critical: none

High: CVE-2021-39620, CVE-2021-39623, CVE-2021-39629, CVE-2021-39632, CVE-2021-39659, CVE-2021-30353, CVE-2021-30319

Medium: CVE-2021-30313

Low: none

Already included in previous updates: CVE-2021-0956, CVE-2021-0769, CVE-2021-0978, CVE-2021-0979, CVE-2021-0981, CVE-2021-0993, CVE-2021-0996, CVE-2021-0997, CVE-2021-1001, CVE-2021-1002, CVE-2021-1003, CVE-2021-1016, CVE-2021-1017, CVE-2021-1018, CVE-2021-1019, CVE-2021-1023, CVE-2021-1025, CVE-2021-39657, CVE-2021-30262, CVE-2021-0675, CVE-2021-0961, CVE-2021-0922, CVE-2020-0347, CVE-2021-0717, CVE-2021-1030, CVE-2021-1031, CVE-2021-0977

※For more information on security patches, please refer to the Android security bulletins (https://source.android.com/security/bulletin).

This security update includes the CVE of other third-party library patches:

Critical: CVE-2021-3760

High: CVE-2021-0356, CVE-2021-0359, CVE-2021-0360, CVE-2021-0358, CVE-2021-0357, CVE-2021-32484, CVE-2021-32485, CVE-2021-32486, CVE-2021-32487

This security update includes the following HUAWEI patches:

CVE-2021-39991: Unauthorized rewriting vulnerability with the memory access management module on ACPU

Severity: High

Affected versions: EMUI12.0.0

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2021-39986: Unauthorized rewriting vulnerability with the memory access management module on ACPU

Severity: High

Affected versions: EMUI12.0.0

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2021-37115: Unauthorized rewriting vulnerability with the memory access management module on ACPU

Severity: High

Affected versions: EMUI12.0.0

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2021-37109: Security protection bypass vulnerability with the modem

Severity: High

Affected versions: EMUI12.0.0

Impact: Successful exploitation of this vulnerability may cause memory protection failure.

CVE-2021-40044: Permission verification vulnerability in the Bluetooth module

Severity: Medium

Affected versions: EMUI12.0.0, EMUI 11.0.1, EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0

Impact: Successful exploitation of this vulnerability may cause unauthorized operations.

CVE-2021-40015: Race condition vulnerability in the binder driver subsystem in the kernel

Severity: Medium

Affected versions: EMUI 12.0.0, EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0

Impact: Successful exploitation of this vulnerability may affect kernel stability.

CVE-2021-39992: Improper security permission configuration vulnerability on ACPU

Severity: High

Affected versions: EMUI12.0.0

Impact: Successful exploitation of this vulnerability may affect service confidentiality, integrity, and availability.

CVE-2021-39997: Vulnerability of unstrict input parameter verification in the audio assembly

Severity: High

Affected versions: EMUI12.0.0

Impact: Successful exploitation of this vulnerability may cause out-of-bounds access.

CVE-2021-39994: Arbitrary address access vulnerability with the product line test code

Severity: High

Affected versions: EMUI12.0.0

Impact: Successful exploitation of this vulnerability may affect service confidentiality, integrity, and availability.

CVE-2021-40045: Vulnerability of signature verification mechanism failure in system upgrade through recovery mode

Severity: High

Affected versions: EMUI12.0.0, EMUI 11.0.1, EMUI 11.0.0, Magic UI 4.0.0

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2021-37107: Improper memory access permission configuration on ACPU

Severity: High

Affected versions: EMUI12.0.0

Impact: Successful exploitation of this vulnerability may cause out-of-bounds access.

CVE-2021-37107: February

Improper access control in the Intel(R) Capital Global Summit Android application may allow an authenticated user to potentially enable information disclosure via local access.

**Select Your Region**

The browser version you are using is not recommended for this site.  
Please consider upgrading to the latest version of your browser by clicking one of the following links.

*   Safari
*   Chrome
*   Edge
*   Firefox

**Intel® Capital Global Summit Android App Advisory**

**Summary: **

A potential security vulnerability in the Intel® Capital Global Summit Android App may allow information disclosure.  Intel is not releasing updates to mitigate this potential vulnerability and has issued a Product Discontinuation Notice for the Intel® Capital Global Summit Android App.

**Vulnerability Details:**

CVEID: CVE-2022-21153

Description: Improper access control in the Intel(R) Capital Global Summit Android app may allow an authenticated user to potentially enable information disclosure via local access.

CVSS Base Score: 2.8 Low

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N

**Affected Products:**

Intel® Capital Global Summit Android App, all versions.

**Recommendations:**

Intel has issued a Product Discontinuation notice for the Intel® Capital Global Summit Android App and recommends that users of the Intel® Capital Global Summit Android App uninstall it or discontinue use at their earliest convenience.

**Acknowledgements:**

Intel would like to thank Sheikh Rishad for reporting this issue.

Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.

**Revision History**

Revision

Date

Description

1.0

02/08/2022

Initial Release

**Legal Notices and Disclaimers**

Intel provides these materials as-is, with no express or implied warranties.

All products, dates, and figures specified are preliminary based on current expectations, and are subject to change without notice.

Intel, processors, chipsets, and desktop boards may contain design defects or errors known as errata, which may cause the product to deviate from published specifications. Current characterized errata are available on request.

Intel technologies’ features and benefits depend on system configuration and may require enabled hardware, software or service activation. Performance varies depending on system configuration. No product or component can be absolutely secure. Check with your system manufacturer or retailer or learn more at https://intel.com.

Some results have been estimated or simulated using internal Intel analysis or architecture simulation or modeling, and provided to you for informational purposes. Any differences in your system hardware, software or configuration may affect your actual performance.

Intel and the Intel logo are trademarks of Intel Corporation in the United States and other countries.

\*Other names and brands may be claimed as the property of others.  
Copyright © Intel Corporation 2022

**Report a Vulnerability**

If you have information about a security issue or vulnerability with an **Intel branded product or technology**, please send an e-mail to secure@intel.com. Encrypt sensitive information using our PGP public key.

Please provide as much information as possible, including:

*   The products and versions affected
*   Detailed description of the vulnerability
*   Information on known exploits

A member of the Intel Product Security Team will review your e-mail and contact you to collaborate on resolving the issue. For more information on how Intel works to resolve security issues, see:

*   Vulnerability handling guidelines

For issues related to Intel's external web presence (Intel.com and related subdomains), please contact Intel's External Security Research team.

**Need product support?**

If you...

*   Have questions about the security features of an Intel product
*   Require technical support
*   Want product updates or patches

  
Please visit Support & Downloads.

*   Report a Vulnerability
*   Product Support

CVE-2022-21153: INTEL-SA-00608

Improper access control in the Intel(R) Smart Campus Android application before version 6.1 may allow authenticated user to potentially enable information disclosure via local access.

**Select Your Region**

The browser version you are using is not recommended for this site.  
Please consider upgrading to the latest version of your browser by clicking one of the following links.

*   Safari
*   Chrome
*   Edge
*   Firefox

**Intel® Smart Campus Android App Advisory**

**Summary: **

A potential security vulnerability in the Intel® Smart Campus Android application may allow information disclosure.  Intel is releasing application updates to mitigate this potential vulnerability.

**Vulnerability Details:**

CVEID: CVE-2022-21157

Description: Improper access control in the Intel(R) Smart Campus Android application before version 6.1 may allow authenticated user to potentially enable information disclosure via local access.

CVSS Base Score: 2.8 Low

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N

**Affected Products:**

Intel® Smart Campus Android application before version 6.1.

**Recommendations:**

Intel recommends updating the Intel® Smart Campus Android application to version 6.1 or later.

Updates are available for download at this location: https://play.google.com/store/apps/details?id=com.intel.smartbuilding21400

**Acknowledgements:**

Intel would like to thank Sheikh Rishad for reporting this issue.

Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.

**Revision History**

Revision

Date

Description

1.0

02/08/2022

Initial Release

**Legal Notices and Disclaimers**

Intel provides these materials as-is, with no express or implied warranties.

All products, dates, and figures specified are preliminary based on current expectations, and are subject to change without notice.

Intel, processors, chipsets, and desktop boards may contain design defects or errors known as errata, which may cause the product to deviate from published specifications. Current characterized errata are available on request.

Intel technologies’ features and benefits depend on system configuration and may require enabled hardware, software or service activation. Performance varies depending on system configuration. No product or component can be absolutely secure. Check with your system manufacturer or retailer or learn more at https://intel.com.

Some results have been estimated or simulated using internal Intel analysis or architecture simulation or modeling, and provided to you for informational purposes. Any differences in your system hardware, software or configuration may affect your actual performance.

Intel and the Intel logo are trademarks of Intel Corporation in the United States and other countries.

\*Other names and brands may be claimed as the property of others.  
Copyright © Intel Corporation 2022

**Report a Vulnerability**

If you have information about a security issue or vulnerability with an **Intel branded product or technology**, please send an e-mail to secure@intel.com. Encrypt sensitive information using our PGP public key.

Please provide as much information as possible, including:

*   The products and versions affected
*   Detailed description of the vulnerability
*   Information on known exploits

A member of the Intel Product Security Team will review your e-mail and contact you to collaborate on resolving the issue. For more information on how Intel works to resolve security issues, see:

*   Vulnerability handling guidelines

For issues related to Intel's external web presence (Intel.com and related subdomains), please contact Intel's External Security Research team.

**Need product support?**

If you...

*   Have questions about the security features of an Intel product
*   Require technical support
*   Want product updates or patches

  
Please visit Support & Downloads.

*   Report a Vulnerability
*   Product Support

CVE-2022-21157: INTEL-SA-00607

Microsoft OneDrive for Android Security Feature Bypass Vulnerability

CVE-2022-23255

Microsoft OneDrive for Android Security Feature Bypass Vulnerability.

Server Side Request Forgery (SSRF) vulneraility exists in Gitea before 1.7.0 using the OpenID URL.

_Thu Jan 24, 2019_ by **lunny**

The time has come for another major release! We are proud to present Gitea 1.7.0 to the world. In this release, we merged 157 pull requests – it’s less than last time (178).

You can download one of our pre-built binaries from our downloads page - make sure to select the correct platform! For further details on how to install, follow our installation guide.

We’d like to thank all of our backers on Open Collective, who are helping us deliver a better piece of software.

With that out of the way, here’s what’s new in Gitea version 1.7.0:

**User action heatmap (#5131)**

![User action heatmap](https://blog.gitea.io/demos/5131/1.png)

Now user’s action heatmap will be shown on your first login page and user’s profile page.

_Thanks to **@kolaente**_

**Show review summary in pull requests (#5132)**

![Review summary in pull requests](https://blog.gitea.io/demos/5132/1.png)

A review summary now will be shown on the bottom of a pull request.

_Thanks to **@kolaente**_

**Approvals at Branch Protection (#5350)**

![approvals limitation](https://blog.gitea.io/demos/5350/1.png)

This PR adds approvals limitations to branch protection. A pull request could only be merged after serval approvals.

_Thanks to **@jonasfranz**_

**Milestone issues and pull requests (#5293)**

![milestone issues and pulls](https://blog.gitea.io/demos/5293/1.png)

This PR adds milestone issues and pulls page.

_Thanks to **@lunny**_

**Implement pasting image from clipboard for browsers that supports that (#5317)**

![pasting image from clipboard](https://blog.gitea.io/demos/5317/1.gif)

Implemented pasting image from clipboard in new issue text area or adding issue/pr comments.

_Thanks to **@lafriks**_

**Create Progressive Web App (#4730)**

![progressive web app](https://blog.gitea.io/demos/4730/1.png)

This will allow users (especially on Android) to add the gitea website to the home-screen and use it like a native app.

_Thanks to **@SohnyBohny**_

**Give user a link to create PR after push (#4716)**

When push to a remote non-default branch. It will display a useful link. Output of a push when no active PR exists:

    [branch2/test be40717] test
     1 file changed, 1 deletion(-)
    Counting objects: 3, done.
    Writing objects: 100% (3/3), 255 bytes | 255.00 KiB/s, done.
    Total 3 (delta 0), reused 0 (delta 0)
    remote:
    remote: Create a new pull request for 'branch2/test':
    remote:   http://localhost:3000/test1/test/compare/master...branch2%2Ftest
    remote:
    To http://localhost:3000/test1/test.git
       0c5683f..be40717  branch2/test -> branch2/test
    

Output of a push when an active PR exists:

    [branch2/test 453d638] test
     1 file changed, 1 insertion(+)
    Counting objects: 3, done.
    Writing objects: 100% (3/3), 255 bytes | 255.00 KiB/s, done.
    Total 3 (delta 0), reused 0 (delta 0)
    remote:
    remote: Visit the existing pull request:
    remote:   http://localhost:3000/test1/test/pulls/6
    remote:
    To http://localhost:3000/test1/test.git
       be40717..453d638  branch2/test -> branch2/test
    

_Thanks to **@JulienTant**_

**Add rebase with merge commit merge style (#4052)**

![rebase with merge commit](https://blog.gitea.io/demos/4052/1.png)

This PR adds the Rebase and Merge (–no-ff) merge style.

_Thanks to **@apricote**_

**Other changes**

*   SECURITY
    *   Do not display the raw OpenID error in the UI (#5705) (#5712)
    *   When redirecting clean the path to avoid redirecting to external site (#5669) (#5679)
    *   Prevent DeleteFilePost doing arbitrary deletion (#5631)
*   BREAKING
    *   Restrict permission check on repositories and fix some problems (#5314)
    *   Show only opened milestones on issues page milestone filter (#5051)
*   FEATURES
    *   Implement git refs API for listing references (branches, tags and other) (#5354)
    *   Approvals at Branch Protection (#5350)
    *   Add raw blob endpoint to get objects by SHA ID (#5334)
    *   Add api for user to create org (#5268)
    *   Create AuthorizedKeysCommand (#5236)
    *   User action heatmap (#5131)
    *   Refactor heatmap to vue component (#5401)
    *   Webhook for Pull Request approval/rejection (#5027)
    *   Add command for migrating database (#4954)
    *   Search keyword by splitting provided values by , (#4939)
    *   Give user a link to create PR after push (#4716)
    *   Add rebase with merge commit merge style (#3844) (#4052)
*   BUGFIXES
    *   Disallow empty titles (#5785) (#5794)
    *   Fix sqlite deadlock when assigning to a PR (#5640) (#5642)
    *   Don’t close issues via commits on non-default branch. (#5622) (#5643)
    *   Fix commit page showing status for current default branch (#5650) (#5653)
    *   Only count users own actions for heatmap contributions (#5647) (#5655)
    *   Update xorm to fix issue postgresql dumping issues (#5680) (#5692)
    *   Use correct value for “MSpan Structures Obtained” (#5706) (#5716)
    *   Fix bug on modifying sshd username (#5624)
    *   Delete tags in mirror which are removed for original repo. (#5609)
    *   Fix wrong text getting saved on editing second comment on an issue. (#5608)
    *   Fix nil pointer when adding a due date (#5587)
    *   Fix type mismatch of format string (#5574)
    *   Fix bug on upload file name (#5571)
    *   Issue is not overdue when it is on the same date #5566 (#5568)
    *   Fix indexer reindex bug when gitea restart (#5563)
    *   Fix table name typo on SQL (#5562)
    *   Synchronize SSH keys on login with LDAP + Fix SQLite deadlock on ldap ssh key deletion (#5557)
    *   Fix makefile generate buildstep (#5556)
    *   Fix nil pointer base branch bug (#5555)
    *   Fix permission check on api create org (#5523)
    *   Fix detect force push failure on deletion of protected branches (#5522)
    *   Fix approvals limitation (#5521)
    *   Fix bug when a read perm user to edit his issue (#5516)
    *   Fix adding reaction fail for read permission user (#5515)
    *   Fixing MSSQL timestamp type (#5511)
    *   Fix forgot deletion of notification when delete repository (#5506)
    *   Fix empty wiki (#5504)
    *   Fix clone wiki failed via ssh (#5503)
    *   Fix code review on mssql (#5502)
    *   Fix lfs version check warning log when using ssh protocol (#5501)
    *   Fix topic name length on database (#5493)
    *   Ensure that the `closed_at` is set for closed issues (#5449)
    *   Admin should be able to delete repos via the API even if he is not a member of the organization (#5443)
    *   Word-Break the WebHook url to prevent a ui-break (#5432)
    *   Fix forgot removed records when deleting user (#5429)
    *   Fix repository deletion when there is large number of issues in it (#5426)
    *   Fix heatmap colors for Chrome/Safari (#5421)
    *   Fix password variable shadowing (#5405)
    *   Fix dependent issue searching when gitea is run in subpath (#5392)
    *   Don’t force a password change for the admin user when creating an account via cli (#5391)
    *   API: ‘/orgs/:org/repos’: return private repos with read access (#5383)
    *   Don’t send assign webhooks when creating issue (#5365)
    *   Removing Labels via EditPullRequest API (#5348)
    *   Migration fixes for gogs (0.11.66) to gitea (1.6.0) #5318 (#5341)
    *   Fix bug when users have serval teams with different units on different repositories (#5307)
    *   Fix U2F if gitea is configured in subpath (#5302)
    *   Fix file edit change preview functionality (#5300)
    *   Update gitignore list (#5258)
    *   Fixed heatmap not working in mssql (#5248)
    *   Fixed wrong api request url for instances running in subfolders (#5247)
    *   Fix compatibility heatmap with mysql 8 (#5232)
    *   Fix data race on migrate repository (#5224)
    *   Fix sqlite and mssql lock (#5214)
    *   Fix sqlite lock (#5210)
    *   Fix: Accept web-command cli flags if web-command is commited (#5200)
    *   Fix: Add secret to all webhook’s payload where it has been missing (#5199)
    *   Fix race on updatesize (#5190)
    *   Fix create team, update team missing units (#5188)
    *   Fix sqlite lock (#5184 & #5176)
    *   Fix showing pull request link when delete a branch (#5166)
    *   Fix JSON result of empty array in heatmap data array (#5154)
    *   Update build tags for sqlite\_unlock notify (#5144)
    *   This commit will reduce join star, repo\_topic, topic tables on repo search, so that fix extra columns problem on mssql (#5136)
    *   Fix deadlock when sqlite (#5118)
    *   Add comment replies (#5104)
    *   Fix home page template regression (#5102)
    *   Fix regex to support optional end line of old section in diff hunk (#5096)
    *   LDAP via simple auth separate bind user and search base (#5055)
    *   Fix markdown image with link (#4675)
    *   Fix to 3819 - Filtering issues by tags on main screen issues (#3824)
*   ENHANCEMENT
    *   Delete organization endpoint added (#5601)
    *   Update Licenses (#5558)
    *   Support reverse proxy providing email (#5554)
    *   Add git protocol v2 support via SSH on Docker image (#5520)
    *   Add tests for api user orgs (#5494)
    *   Allow link verification for services like Mastodon (#5481)
    *   Improve team members and repositories settings UI (#5457)
    *   Remove the required class from optional ssh port in installation page (#5428)
    *   Explicitly disable Git credential helper (#5367)
    *   Setting Labels via EditPullRequest API (#5347)
    *   Implement pasting image from clipboard for browsers that supports that (#5317)
    *   Milestone issues and pull requests (#5293)
    *   Support envs on external render commands (#5278)
    *   Add option to disable automatic mirror syncing. (#5242)
    *   Remove unused db init on commands serv, update, hooks (#5225)
    *   Serve audio files using HTML5 audio tag (#5221)
    *   Pass link prefixes to external markup parsers (#5201)
    *   Add AutoHead functionality. (#5186)
    *   Fix emojis not showing in commit messages (#5168)
    *   Block registration based on email domain (#5157)
    *   Update vendor/go-sqlite3 (#5133 & #5162)
    *   Update x/net lib (#5169)
    *   Show review summary in pull requests (#5132)
    *   Use type switch (#5122)
    *   Remove duplicated if bodies (#5121)
    *   Remove check for negative length (#5120)
    *   Make switch more clear (#5119)
    *   Use named const instead of a raw string (#5115)
    *   Fix issue where ecdsa and other key types are not synced from LDAP (#5092) (#5094)
    *   Refactor: err != nil check, just return error instead (#5093)
    *   Add notification interface and refactor UI notifications (#5085)
    *   Use APP\_NAME on home page (#5048)
    *   Explicitly decide whether to use TLS in mailer’s configuration (#5024)
    *   Generate random password (#5023)
    *   UX of link account (Step 1) (#5006)
    *   Make sure argsSet verifies string isn’t empty too (#4980)
    *   Improve performance of dashboard (#4977)
    *   Keys API changes (#4960)
    *   Add must-change-password flag to cli for creating a user (#4955)
    *   Use native go method to get current user rather than environment variable (#4930)
    *   Make gitea serv use api/internal (#4886)
    *   Add support for search by uid (#4876)
    *   Allow to add organization members as collaborators on organization owned repositories (#4748)
*   BUILD
    *   Replace lint to revive (#5422)
    *   Update golang version in Dockerfile (#5246)
*   DOCS
    *   Typo in routers/api/v1/org/org.go fixed. (#5598)
    *   Update the docs for sqlite\_unlock\_notify (#5145)
    *   CN translation of docs part (#5049)
    *   Kubernetes deployment file (#5046)
*   MISC
    *   Upgrade alpine to 3.8 (#5423)
    *   Git-Trees API (#5403)
    *   Only chown directories during docker setup if necessary. Fix #4425 (#5064)

To see all user-facing changes that went into the release, check out our

full changelog.

A shoutout goes to those who reported and/or fixed security issues in this release:

*   @cezar97 (#4973)
*   @zeripath (#5705 #5669 #5631)
*   @misterpoesy (#5627)

**Help us out!**

Gitea is focused on community input and contributions. To keep a project like Gitea going we need people. **_LOTS_** of people. You can help in the following areas:

**Programming**

If you know Go or HTML/CSS/JavaScript, you may be interested in working on the code. Working on OSS may seem scary, but the best way is to try! Read the Gitea contribution guide, and then find an itch to scratch, or scratch your own!

**Translating**

Want to translate Gitea in your own language? Awesome! Join the Gitea project on Crowdin. As soon as your translation is approved, it will be pushed to the Gitea project to be used in future releases!

**Documentation**

Documentation is important, but also time consuming. If you enjoy writing and have a pretty good knowledge of English, or you would like to translate the English version to your native language, you’re very welcome to do so. Find our documentation on the main git repository here. Just fork, update the documentation and then create a pull request!

**Support**

Do you like people? Can you give calm and thought-out responses to users needing help? Then you can spend some time providing support to those who need it. Most answers can really be found in the documentation, so make sure to take some time to read it. Then, either join our chat or forums (linked below), or simply help us sort out issues and answer questions on the Gitea repository.

**Donations**

If you, or your company, want to help us out sustain our financial expenses, you can do so by donating on Open Collective.

**… or reporting bugs**

If you lack the time or knowledge to do any of the above, just using Gitea and sharing the word is enough to make us happy! One thing you can always do is to report any bugs you find on the Gitea issue tracker.

Before opening an issue, read the contribution guidelines about reporting bugs. After opening an issue, try to stick around a while to answer any questions we might have. Replies greatly help us find the root cause of an issue.

**Thanks**

This release would not have been possible without the pull requests from the following people:

*   @BetaCat0
*   @Eisfunke
*   @HarshitOnGitHub
*   @HoffmannP
*   @JulienTant
*   @Kasi-R
*   @LER0ever
*   @MoshiBin
*   @SagePtr
*   @SohnyBohny
*   @adelowo
*   @appleboy
*   @apricote
*   @bkcsoft
*   @cez81
*   @chdxD1
*   @coolaj86
*   @cristaloleg
*   @darktohka
*   @fabian-braun
*   @gaydin
*   @gregkare
*   @gzsombor
*   @inxonic
*   @jamesa
*   @jonasfranz
*   @kolaente
*   @koyuawsmbrtn
*   @lafriks
*   @lucienkerl
*   @lunny
*   @mcnesium
*   @michaelkuhn
*   @nougad
*   @romankl
*   @rstefan1
*   @rvillablanca
*   @sapk
*   @sd1998
*   @techknowlogick
*   @tenacubus
*   @typeless
*   @xor-gate
*   @zeripath

PRs and issues merged in 1.7.0.

**Get in touch**

Need help with anything? You can come on our Discord server, or if you’re more old-fashioned you can also use our forums.

CVE-2021-45325: Gitea 1.7.0 is released - Blog

**What privileges are required to exploit this vulnerability?**

The attacker needs access to an unlocked mobile device to exploit the vulnerability.

CVE-2022-23255: Microsoft OneDrive for Android Security Feature Bypass Vulnerability

Tensorflow is an Open Source Machine Learning Framework. TensorFlow's type inference can cause a heap out of bounds read as the bounds checking is done in a `DCHECK` (which is a no-op during production). An attacker can control the `input_idx` variable such that `ix` would be larger than the number of values in `node_t.args`. The fix will be included in TensorFlow 2.8.0. This is the only affected version.

CVE-2022-23592: tensorflow/graph.cc at 274df9b02330b790aa8de1cee164b70f72b9b244 · tensorflow/tensorflow

Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a denial of service by altering a `SavedModel` such that any binary op would trigger `CHECK` failures. This occurs when the protobuf part corresponding to the tensor arguments is modified such that the `dtype` no longer matches the `dtype` expected by the op. In that case, calling the templated binary operator for the binary op would receive corrupted data, due to the type confusion involved. If `Tin` and `Tout` don't match the type of data in `out` and `input_*` tensors then `flat<*>` would interpret it wrongly. In most cases, this would be a silent failure, but we have noticed scenarios where this results in a `CHECK` crash, hence a denial of service. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.

Tag

#android