SB2022030857 - Multiple vulnerabilities in MediaTek chipsets



Published: March 8, 2022 Updated: March 7, 2023

Security Bulletin ID: SB2022030857
Severity: High
Patch available: YES
Number of vulnerabilities: 13
Exploitation vector: Remote access
Highest impact: Code execution

Breakdown by Severity

High: 15%, Low: 85%

Description

This security bulletin contains information about 13 security vulnerabilities.


1) Buffer overflow (CVE-ID: CVE-2022-20047)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the video decoder. A remote attacker can trick the victim into opening a specially crafted media file, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


2) Buffer overflow (CVE-ID: CVE-2022-20048)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the media decoder. A remote attacker can trick the victim into opening a specially crafted media file, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


3) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-20053)

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a missing permissions check in the ims service. A local application can execute arbitrary code with elevated privileges.


4) Improper Access Control (CVE-ID: CVE-2022-20049)

The vulnerability allows a local privileged application to execute arbitrary code.

The vulnerability exists due to a missing permission check within vpu. A local privileged application can execute arbitrary code.


5) UNIX Symbolic Link (Symlink) Following (CVE-ID: CVE-2022-20050)

The vulnerability allows a local privileged application to execute arbitrary code.

The vulnerability exists due to improper link resolution within connsyslogger. A local privileged application can execute arbitrary code.


6) Incorrect Privilege Assignment (CVE-ID: CVE-2022-20051)

The vulnerability allows a local application to perform service disruption.

The vulnerability exists due to incorrect privilege assignment within the ims service. A local application can perform service disruption.


7) Missing Authorization (CVE-ID: CVE-2022-20054)

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to a missing permission check within the ims service. A local application can execute arbitrary code.


8) Out-of-bounds write (CVE-ID: CVE-2022-20055)

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to a missing bounds check within preloader (usb). A local application can execute arbitrary code.


9) Out-of-bounds write (CVE-ID: CVE-2022-20056)

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to a missing bounds check within preloader (usb). A local application can execute arbitrary code.


10) Detection of error condition without action (CVE-ID: CVE-2022-20057)

The vulnerability allows a local privileged application to execute arbitrary code.

The vulnerability exists due to incorrect error handling within btif. A local privileged application can execute arbitrary code.


11) Out-of-bounds write (CVE-ID: CVE-2022-20058)

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to a missing bounds check within preloader (usb). A local application can execute arbitrary code.


12) Out-of-bounds write (CVE-ID: CVE-2022-20059)

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to a missing bounds check within preloader (usb). A local application can execute arbitrary code.


13) Improper Authorization (CVE-ID: CVE-2022-20060)

The vulnerability allows an attacker to escalate privileges on the device.

The vulnerability exists due to missing proper image authentication within the preloader (usb). An attacker with physical access to the device can execute arbitrary code.


Remediation

Install the update from the vendor's website.