SB2022060636 - Multiple vulnerabilities in MediaTek chipsets
Published: June 6, 2022 Updated: March 7, 2023
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 18 secuirty vulnerabilities.
1) Improper Input Validation (CVE-ID: CVE-2022-21755)
The vulnerability allows a local privileged application to gain access to sensitive information.
The vulnerability exists due to an incorrect bounds check within WLAN driver. A local privileged application can gain access to sensitive information.
2) Integer overflow (CVE-ID: CVE-2022-21762)
The vulnerability allows a local privileged application to perform service disruption.
The vulnerability exists due to an integer overflow within apusys driver. A local privileged application can perform service disruption.
3) Integer overflow (CVE-ID: CVE-2022-21761)
The vulnerability allows a local privileged application to perform service disruption.
The vulnerability exists due to an integer overflow within apusys driver. A local privileged application can perform service disruption.
4) Integer overflow (CVE-ID: CVE-2022-21760)
The vulnerability allows a local privileged application to perform service disruption.
The vulnerability exists due to an integer overflow within apusys driver. A local privileged application can perform service disruption.
5) Buffer overflow (CVE-ID: CVE-2022-21759)
The vulnerability allows a local privileged application to execute arbitrary code.
The vulnerability exists due to a missing bounds check within power service. A local privileged application can execute arbitrary code.
6) Double Free (CVE-ID: CVE-2022-21758)
The vulnerability allows a local privileged application to execute arbitrary code.
The vulnerability exists due to a double free within ccu. A local privileged application can execute arbitrary code.
7) Resource exhaustion (CVE-ID: CVE-2022-21757)
The vulnerability allows a local application to perform service disruption.
The vulnerability exists due to a missing count check within WIFI Firmware. A local application can perform service disruption.
8) Improper Input Validation (CVE-ID: CVE-2022-21756)
The vulnerability allows a local privileged application to gain access to sensitive information.
The vulnerability exists due to an incorrect bounds check within WLAN driver. A local privileged application can gain access to sensitive information.
9) Improper Input Validation (CVE-ID: CVE-2022-21754)
The vulnerability allows a local privileged application to execute arbitrary code.
The vulnerability exists due to a missing bounds check within WLAN driver. A local privileged application can execute arbitrary code.
10) Use-after-free (CVE-ID: CVE-2022-21745)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error in WIFI firmware. A remote attacker can trick the victim into connecting to the malicious hotspot compromise vulnerable system.
11) Improper Input Validation (CVE-ID: CVE-2022-21753)
The vulnerability allows a local privileged application to execute arbitrary code.
The vulnerability exists due to a missing bounds check within WLAN driver. A local privileged application can execute arbitrary code.
12) Improper Input Validation (CVE-ID: CVE-2022-21752)
The vulnerability allows a local privileged application to execute arbitrary code.
The vulnerability exists due to a missing bounds check within WLAN driver. A local privileged application can execute arbitrary code.
13) Improper Input Validation (CVE-ID: CVE-2022-21751)
The vulnerability allows a local privileged application to execute arbitrary code.
The vulnerability exists due to a missing bounds check within WLAN driver. A local privileged application can execute arbitrary code.
14) Improper Input Validation (CVE-ID: CVE-2022-21750)
The vulnerability allows a local privileged application to execute arbitrary code.
The vulnerability exists due to a missing bounds check within WLAN driver. A local privileged application can execute arbitrary code.
15) Improper Access Control (CVE-ID: CVE-2022-21749)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a missing permission check within telephony. A local application can gain access to sensitive information.
16) Improper Access Control (CVE-ID: CVE-2022-21748)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a missing permission check within telephony. A local application can gain access to sensitive information.
17) Improper Input Validation (CVE-ID: CVE-2022-21747)
The vulnerability allows a local privileged application to perform service disruption.
The vulnerability exists due to a missing bounds check within imgsensor. A local privileged application can perform service disruption.
18) Improper Input Validation (CVE-ID: CVE-2022-21746)
The vulnerability allows a local privileged application to perform service disruption.
The vulnerability exists due to a missing bounds check within imgsensor. A local privileged application can perform service disruption.
Remediation
Install update from vendor's website.