Main Vulnerability Database SB2022040722

SB2022040722 - Multiple vulnerabilities in MediaTek chipsets

Published: April 7, 2022 Updated: March 7, 2023

Security Bulletin ID SB2022040722

Severity

Medium

Patch available

YES

Number of vulnerabilities 22

Exploitation vector Remote access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 22 secuirty vulnerabilities.

1) Improperly Implemented Security Check for Standard (CVE-ID: CVE-2022-20071)

The vulnerability allows a local privileged application to execute arbitrary code.

The vulnerability exists due to a missing certificate validation within ccu. A local privileged application can execute arbitrary code.

2) Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') (CVE-ID: CVE-2022-20080)

The vulnerability allows a local privileged application to execute arbitrary code.

The vulnerability exists due to a race condition within SUB2AF. A local privileged application can execute arbitrary code.

3) Improper Input Validation (CVE-ID: CVE-2022-20079)

The vulnerability allows a local privileged application to gain access to sensitive information.

The vulnerability exists due to a improper input validation within vow. A local privileged application can gain access to sensitive information.

4) Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') (CVE-ID: CVE-2022-20078)

The vulnerability allows a local privileged application to execute arbitrary code.

The vulnerability exists due to a race condition within vow. A local privileged application can execute arbitrary code.

5) Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') (CVE-ID: CVE-2022-20077)

The vulnerability allows a local privileged application to execute arbitrary code.

The vulnerability exists due to a race condition within vow. A local privileged application can execute arbitrary code.

6) Improper Handling of Exceptional Conditions (CVE-ID: CVE-2022-20076)

The vulnerability allows a local privileged application to gain access to sensitive information.

The vulnerability exists due to an incorrect error handling within ged. A local privileged application can gain access to sensitive information.

7) Integer overflow (CVE-ID: CVE-2022-20075)

The vulnerability allows a local privileged application to execute arbitrary code.

The vulnerability exists due to an integer overflow within ged. A local privileged application can execute arbitrary code.

8) Out-of-bounds read (CVE-ID: CVE-2022-20074)

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to a missing bounds check within preloader (partition). A local application can execute arbitrary code.

9) Integer underflow (CVE-ID: CVE-2022-20073)

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to a integer underflow within preloader (usb). A local application can execute arbitrary code.

10) Incorrect Comparison (CVE-ID: CVE-2022-20072)

The vulnerability allows a local privileged application to execute arbitrary code.

The vulnerability exists due to an incorrect comparison within search engine service. A local privileged application can execute arbitrary code.

11) Improper Input Validation (CVE-ID: CVE-2022-20070)

The vulnerability allows a local privileged application to execute arbitrary code.

The vulnerability exists due to a missing bounds check within ssmr. A local privileged application can execute arbitrary code.

12) Improper Certificate Validation (CVE-ID: CVE-2022-20081)

The vulnerability allows a remote attacker to perform MitM attack.

The vulnerability exists due to improper improper certificate validation in A-GPS. A remote attacker can perform MitM attack.

13) Integer overflow (CVE-ID: CVE-2022-20069)

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to an integer overflow within preloader (usb). A local application can execute arbitrary code.

14) UNIX Symbolic Link (Symlink) Following (CVE-ID: CVE-2022-20068)

The vulnerability allows a local privileged application to execute arbitrary code.

The vulnerability exists due to an improper link resolution within mobile_log_d. A local privileged application can execute arbitrary code.

15) Use After Free (CVE-ID: CVE-2022-20052)

The vulnerability allows a local privileged application to execute arbitrary code.

The vulnerability exists due to a use after free within mdp. A local privileged application can execute arbitrary code.

16) Improper Input Validation (CVE-ID: CVE-2022-20067)

The vulnerability allows a local privileged application to execute arbitrary code.

The vulnerability exists due to a missing bounds check within mdp. A local privileged application can execute arbitrary code.

17) Improper Handling of Exceptional Conditions (CVE-ID: CVE-2022-20066)

The vulnerability allows a local privileged application to gain access to sensitive information.

The vulnerability exists due to incorrect error handling within atf (hwfde). A local privileged application can gain access to sensitive information.

18) Out-of-bounds read (CVE-ID: CVE-2022-20065)

The vulnerability allows a local privileged application to gain access to sensitive information.

The vulnerability exists due to a missing bounds check within ccci. A local privileged application can gain access to sensitive information.

19) Out-of-bounds read (CVE-ID: CVE-2022-20064)

The vulnerability allows a local privileged application to gain access to sensitive information.

The vulnerability exists due to an incorrect bounds check within ccci. A local privileged application can gain access to sensitive information.

20) Out-of-bounds write (CVE-ID: CVE-2022-20063)

The vulnerability allows a local privileged application to execute arbitrary code.

The vulnerability exists due to a missing bounds check within atf (spm). A local privileged application can execute arbitrary code.

21) Use After Free (CVE-ID: CVE-2022-20062)

The vulnerability allows a local privileged application to execute arbitrary code.

The vulnerability exists due to a use after free within mdp. A local privileged application can execute arbitrary code.

22) Double Free (CVE-ID: CVE-2021-25477)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a double free error within the Modem LTE RRC when decoding an incorrect ASN.1 data. A remote attacker can pass specially crafted data to the system, trigger a double free error and perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

Vulnerable Software

MT6833: All versions
MT6853: All versions
MT6873: All versions
MT6877: All versions
MT6885: All versions
MT6893: All versions
MT8797: All versions
MT6580: All versions
MT6735: All versions
MT6737: All versions
MT6739: All versions
MT6753: All versions
MT6757: All versions
MT6761: All versions
MT6763: All versions
MT6765: All versions
MT6768: All versions
MT6771: All versions
MT6779: All versions
MT6781: All versions
MT6785: All versions
MT6883: All versions
MT6889: All versions
MT8168: All versions
MT8321: All versions
MT8365: All versions
MT8666: All versions
MT8765: All versions
MT8766: All versions
MT8768: All versions
MT8786: All versions
MT8788: All versions
MT8791: All versions
MT6853T: All versions
MT6891: All versions
MT8185: All versions
MT8789: All versions
MT6731: All versions
MT6750S: All versions
MT6755S: All versions
MT6757C: All versions
MT6757CD: All versions
MT6757CH: All versions
MT6762: All versions
MT6769: All versions
MT6875: All versions
MT8127: All versions
MT8135: All versions
MT8163: All versions
MT8167: All versions
MT8167S: All versions
MT8173: All versions
MT8175: All versions
MT8176: All versions
MT8183: All versions
MT8312C: All versions
MT8312D: All versions
MT8362A: All versions
MT8382: All versions
MT8385: All versions
MT8389: All versions
MT8392: All versions
MT8392_90: All versions
MT8665: All versions
MT8685: All versions
MT8693: All versions
MT8735: All versions
MT8735B: All versions
MT8735M: All versions
MT8752: All versions
MT8783: All versions
MT8785: All versions
MT6879: All versions
MT6880: All versions
MT6890: All versions
MT6895: All versions
MT6983: All versions
MT6985: All versions
MT8667: All versions
MT8675: All versions
MT8695: All versions
MT2601: All versions
MT6799: All versions
MT8696: All versions
MT6755: All versions
MT6789: All versions
MT6795: All versions
MT6797: All versions
MT6732: All versions
MT6750: All versions
MT6752: All versions
MT6758: All versions
MT8735A: All versions
MT6757P: All versions
MT6762D: All versions
MT6762M: All versions
MT6765T: All versions
MT6767: All versions
MT6769T: All versions
MT6769Z: All versions
MT6783: All versions
MT6785T: All versions

SB2022040722 - Multiple vulnerabilities in MediaTek chipsets

Breakdown by Severity

Description

Remediation

References

Please verify you're human