Multiple vulnerabilities in MediaTek chipsets

Published: 2022-02-08 | Updated: 2023-03-07

Risk	Low
Patch available	YES
Number of vulnerabilities	24
CVE-ID	CVE-2022-20036 CVE-2022-20046 CVE-2022-20045 CVE-2022-20044 CVE-2022-20043 CVE-2022-20042 CVE-2022-20041 CVE-2022-20040 CVE-2022-20039 CVE-2022-20038 CVE-2022-20037 CVE-2022-20035 CVE-2022-20024 CVE-2022-20034 CVE-2022-20017 CVE-2022-20033 CVE-2022-20032 CVE-2022-20031 CVE-2022-20030 CVE-2022-20029 CVE-2022-20028 CVE-2022-20027 CVE-2022-20026 CVE-2022-20025
CWE-ID	CWE-200 CWE-401 CWE-416 CWE-269 CWE-121 CWE-190 CWE-119 CWE-20 CWE-287 CWE-125 CWE-123 CWE-122
Exploitation vector	Local
Public exploit	N/A
Vulnerable software	MT6735 Mobile applications / Mobile firmware & hardware MT6737 Mobile applications / Mobile firmware & hardware MT6739 Mobile applications / Mobile firmware & hardware MT6750 Mobile applications / Mobile firmware & hardware MT6750S Mobile applications / Mobile firmware & hardware MT6753 Mobile applications / Mobile firmware & hardware MT6755 Mobile applications / Mobile firmware & hardware MT6755S Mobile applications / Mobile firmware & hardware MT6757 Mobile applications / Mobile firmware & hardware MT6757C Mobile applications / Mobile firmware & hardware MT6757CD Mobile applications / Mobile firmware & hardware MT6757CH Mobile applications / Mobile firmware & hardware MT6758 Mobile applications / Mobile firmware & hardware MT6761 Mobile applications / Mobile firmware & hardware MT6762 Mobile applications / Mobile firmware & hardware MT6763 Mobile applications / Mobile firmware & hardware MT6765 Mobile applications / Mobile firmware & hardware MT6768 Mobile applications / Mobile firmware & hardware MT6769 Mobile applications / Mobile firmware & hardware MT6771 Mobile applications / Mobile firmware & hardware MT6795 Mobile applications / Mobile firmware & hardware MT6797 Mobile applications / Mobile firmware & hardware MT6799 Mobile applications / Mobile firmware & hardware MT6833 Mobile applications / Mobile firmware & hardware MT6880 Mobile applications / Mobile firmware & hardware MT6890 Mobile applications / Mobile firmware & hardware MT8167 Mobile applications / Mobile firmware & hardware MT8168 Mobile applications / Mobile firmware & hardware MT8173 Mobile applications / Mobile firmware & hardware MT8175 Mobile applications / Mobile firmware & hardware MT8185 Mobile applications / Mobile firmware & hardware MT8321 Mobile applications / Mobile firmware & hardware MT8362A Mobile applications / Mobile firmware & hardware MT8365 Mobile applications / Mobile firmware & hardware MT8385 Mobile applications / Mobile firmware & hardware MT8765 Mobile applications / Mobile firmware & hardware MT8766 Mobile applications / Mobile firmware & hardware MT8768 Mobile applications / Mobile firmware & hardware MT8786 Mobile applications / Mobile firmware & hardware MT8788 Mobile applications / Mobile firmware & hardware MT8789 Mobile applications / Mobile firmware & hardware MT8791 Mobile applications / Mobile firmware & hardware MT8183 Mobile applications / Mobile firmware & hardware MT6580 Mobile applications / Mobile firmware & hardware MT6582E Mobile applications / Mobile firmware & hardware MT6582H Mobile applications / Mobile firmware & hardware MT6582T Mobile applications / Mobile firmware & hardware MT6582W Mobile applications / Mobile firmware & hardware MT6582_90 Mobile applications / Mobile firmware & hardware MT6589 Mobile applications / Mobile firmware & hardware MT6589TD Mobile applications / Mobile firmware & hardware MT6592E Mobile applications / Mobile firmware & hardware MT6592H Mobile applications / Mobile firmware & hardware MT6592T Mobile applications / Mobile firmware & hardware MT6592W Mobile applications / Mobile firmware & hardware MT6592_90 Mobile applications / Mobile firmware & hardware MT6595 Mobile applications / Mobile firmware & hardware MT6731 Mobile applications / Mobile firmware & hardware MT6732 Mobile applications / Mobile firmware & hardware MT6752 Mobile applications / Mobile firmware & hardware MT8163 Mobile applications / Mobile firmware & hardware MT8735B Mobile applications / Mobile firmware & hardware MT6779 Hardware solutions / Firmware MT6781 Hardware solutions / Firmware MT6785 Hardware solutions / Firmware MT6853 Hardware solutions / Firmware MT6853T Hardware solutions / Firmware MT6873 Hardware solutions / Firmware MT6875 Hardware solutions / Firmware MT6877 Hardware solutions / Firmware MT6883 Hardware solutions / Firmware MT6885 Hardware solutions / Firmware MT6889 Hardware solutions / Firmware MT6891 Hardware solutions / Firmware MT6893 Hardware solutions / Firmware MT8797 Hardware solutions / Firmware
Vendor	MediaTek

Security Bulletin

This security bulletin contains information about 24 vulnerabilities.

1) Information Exposure

EUVDB-ID: #VU73014

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-20036

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to an incorrect bounds check within ion driver. A local application can gain access to sensitive information.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

MT6735: All versions

MT6737: All versions

MT6739: All versions

MT6750: All versions

MT6750S: All versions

MT6753: All versions

MT6755: All versions

MT6755S: All versions

MT6757: All versions

MT6757C: All versions

MT6757CD: All versions

MT6757CH: All versions

MT6758: All versions

MT6761: All versions

MT6762: All versions

MT6763: All versions

MT6765: All versions

MT6768: All versions

MT6769: All versions

MT6771: All versions

MT6779: All versions

MT6781: All versions

MT6785: All versions

MT6795: All versions

MT6797: All versions

MT6799: All versions

MT6833: All versions

MT6853: All versions

MT6853T: All versions

MT6873: All versions

MT6875: All versions

MT6877: All versions

MT6880: All versions

MT6883: All versions

MT6885: All versions

MT6889: All versions

MT6890: All versions

MT6891: All versions

MT6893: All versions

MT8167: All versions

MT8168: All versions

MT8173: All versions

MT8175: All versions

MT8185: All versions

MT8321: All versions

MT8362A: All versions

MT8365: All versions

MT8385: All versions

MT8765: All versions

MT8766: All versions

MT8768: All versions

MT8786: All versions

MT8788: All versions

MT8789: All versions

MT8791: All versions

CPE2.3

External links

https://corp.mediatek.com/product-security-bulletin/February-2022

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Improper Release of Memory Before Removing Last Reference ('Memory Leak')

EUVDB-ID: #VU73024

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-20046

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local application to perform service disruption.

The vulnerability exists due to a logic error within Bluetooth. A local application can perform service disruption.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

MT8167: All versions

MT8175: All versions

MT8183: All versions

MT8362A: All versions

MT8365: All versions

MT8385: All versions

CPE2.3

External links

https://corp.mediatek.com/product-security-bulletin/February-2022

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Use After Free

EUVDB-ID: #VU73023

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-20045

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to a use after free within Bluetooth. A local application can execute arbitrary code.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

MT8167: All versions

MT8175: All versions

MT8183: All versions

MT8362A: All versions

MT8365: All versions

MT8385: All versions

CPE2.3

External links

https://corp.mediatek.com/product-security-bulletin/February-2022

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Use After Free

EUVDB-ID: #VU73022

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-20044

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to a use after free within Bluetooth. A local application can execute arbitrary code.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

MT8167: All versions

MT8175: All versions

MT8183: All versions

MT8362A: All versions

MT8365: All versions

MT8385: All versions

CPE2.3

External links

https://corp.mediatek.com/product-security-bulletin/February-2022

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Improper Privilege Management

EUVDB-ID: #VU73021

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-20043

CWE-ID: CWE-269 - Improper Privilege Management

Exploit availability: No

Description

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to a missing permission check within Bluetooth. A local application can execute arbitrary code.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

MT8167: All versions

MT8175: All versions

MT8183: All versions

MT8362A: All versions

MT8365: All versions

MT8385: All versions

CPE2.3

External links

https://corp.mediatek.com/product-security-bulletin/February-2022

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Information Exposure

EUVDB-ID: #VU73020

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-20042

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to incorrect error handling within Bluetooth. A local application can gain access to sensitive information.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

MT8167: All versions

MT8175: All versions

MT8183: All versions

MT8362A: All versions

MT8365: All versions

MT8385: All versions

CPE2.3

External links

https://corp.mediatek.com/product-security-bulletin/February-2022

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Improper Privilege Management

EUVDB-ID: #VU73019

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-20041

CWE-ID: CWE-269 - Improper Privilege Management

Exploit availability: No

Description

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to a missing permission check within Bluetooth. A local application can execute arbitrary code.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

MT8167: All versions

MT8175: All versions

MT8183: All versions

MT8362A: All versions

MT8365: All versions

MT8385: All versions

CPE2.3

External links

https://corp.mediatek.com/product-security-bulletin/February-2022

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Stack-based buffer overflow

EUVDB-ID: #VU73018

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-20040

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

Description

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to a stack within power_hal_manager_service. A local application can execute arbitrary code.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

MT6735: All versions

MT6737: All versions

MT6739: All versions

MT6755: All versions

MT6757: All versions

MT6761: All versions

MT6771: All versions

MT6779: All versions

MT6785: All versions

MT6833: All versions

MT6853: All versions

MT6873: All versions

MT6875: All versions

MT6877: All versions

MT6880: All versions

MT6883: All versions

MT6885: All versions

MT6889: All versions

MT6890: All versions

MT6891: All versions

MT6893: All versions

MT8167: All versions

MT8168: All versions

MT8173: All versions

MT8175: All versions

MT8185: All versions

MT8321: All versions

MT8362A: All versions

MT8365: All versions

MT8385: All versions

MT8765: All versions

MT8766: All versions

MT8768: All versions

MT8786: All versions

MT8788: All versions

MT8789: All versions

MT8791: All versions

MT8797: All versions

CPE2.3

External links

https://corp.mediatek.com/product-security-bulletin/February-2022

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Integer overflow

EUVDB-ID: #VU73017

Risk: Low

CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-20039

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a local privileged application to execute arbitrary code.

The vulnerability exists due to an integer overflow within ccu driver. A local privileged application can execute arbitrary code.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

MT6833: All versions

MT6853: All versions

MT6873: All versions

MT6877: All versions

MT6883: All versions

MT6893: All versions

MT8791: All versions

MT8797: All versions

CPE2.3

External links

https://corp.mediatek.com/product-security-bulletin/February-2022

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Memory corruption

EUVDB-ID: #VU73016

Risk: Low

CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-20038

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local privileged application to execute arbitrary code.

The vulnerability exists due to an incorrect bounds check within ccu driver. A local privileged application can execute arbitrary code.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

MT6833: All versions

MT6853: All versions

MT6873: All versions

MT6877: All versions

MT6885: All versions

MT6893: All versions

MT8791: All versions

MT8797: All versions

CPE2.3

External links

https://corp.mediatek.com/product-security-bulletin/February-2022

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Information Exposure

EUVDB-ID: #VU73015

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-20037

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to an incorrect bounds check within ion driver. A local application can gain access to sensitive information.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

MT6735: All versions

MT6737: All versions

MT6739: All versions

MT6750: All versions

MT6750S: All versions

MT6753: All versions

MT6755: All versions

MT6755S: All versions

MT6757: All versions

MT6757C: All versions

MT6757CD: All versions

MT6757CH: All versions

MT6758: All versions

MT6761: All versions

MT6762: All versions

MT6763: All versions

MT6765: All versions

MT6768: All versions

MT6769: All versions

MT6771: All versions

MT6779: All versions

MT6781: All versions

MT6785: All versions

MT6795: All versions

MT6797: All versions

MT6799: All versions

MT6833: All versions

MT6853: All versions

MT6853T: All versions

MT6873: All versions

MT6875: All versions

MT6877: All versions

MT6880: All versions

MT6883: All versions

MT6885: All versions

MT6889: All versions

MT6890: All versions

MT6891: All versions

MT6893: All versions

MT8167: All versions

MT8168: All versions

MT8173: All versions

MT8175: All versions

MT8185: All versions

MT8321: All versions

MT8362A: All versions

MT8365: All versions

MT8385: All versions

MT8765: All versions

MT8766: All versions

MT8768: All versions

MT8786: All versions

MT8788: All versions

MT8789: All versions

MT8791: All versions

MT8797: All versions

CPE2.3

External links

https://corp.mediatek.com/product-security-bulletin/February-2022

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Use After Free

EUVDB-ID: #VU73013

Risk: Low

CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-20035

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local privileged application to execute arbitrary code.

The vulnerability exists due to a use after free within vcu driver. A local privileged application can execute arbitrary code.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

MT6768: All versions

MT6769: All versions

MT6779: All versions

MT6781: All versions

MT6785: All versions

MT6833: All versions

MT6853: All versions

MT6853T: All versions

MT6873: All versions

MT6877: All versions

MT6885: All versions

MT6890: All versions

MT6891: All versions

MT6893: All versions

MT8167: All versions

MT8168: All versions

MT8173: All versions

MT8175: All versions

MT8185: All versions

MT8321: All versions

MT8362A: All versions

MT8365: All versions

MT8385: All versions

MT8765: All versions

MT8766: All versions

MT8768: All versions

MT8786: All versions

MT8788: All versions

MT8789: All versions

MT8791: All versions

MT8797: All versions

CPE2.3

External links

https://corp.mediatek.com/product-security-bulletin/February-2022

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Improper Input Validation

EUVDB-ID: #VU73001

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-20024

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to a missing permission check within system service. A local application can execute arbitrary code.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

MT6580: All versions

MT6739: All versions

MT6750: All versions

MT6761: All versions

MT6762: All versions

MT6763: All versions

MT6765: All versions

MT6768: All versions

MT6771: All versions

MT6779: All versions

MT8167: All versions

MT8168: All versions

MT8173: All versions

MT8175: All versions

MT8185: All versions

MT8321: All versions

MT8362A: All versions

MT8365: All versions

MT8385: All versions

MT8765: All versions

MT8766: All versions

MT8768: All versions

MT8786: All versions

MT8788: All versions

MT8789: All versions

MT8791: All versions

MT8797: All versions

CPE2.3

External links

https://corp.mediatek.com/product-security-bulletin/February-2022

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Improper Authentication

EUVDB-ID: #VU73012

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-20034

CWE-ID: CWE-287 - Improper Authentication

Exploit availability: No

Description

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to an improper certificate validation within Preloader XFLASH. A local application can execute arbitrary code.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

MT6580: All versions

MT6735: All versions

MT6739: All versions

MT6761: All versions

MT6763: All versions

MT6765: All versions

MT6768: All versions

MT6769: All versions

MT6771: All versions

MT6779: All versions

MT6781: All versions

MT6785: All versions

MT6799: All versions

MT6833: All versions

MT6853: All versions

MT6873: All versions

MT6875: All versions

MT6877: All versions

MT6885: All versions

MT6891: All versions

MT6893: All versions

CPE2.3

External links

https://corp.mediatek.com/product-security-bulletin/February-2022

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Information Exposure

EUVDB-ID: #VU73011

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-20017

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to an incorrect bounds check within ion driver. A local application can gain access to sensitive information.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

MT6765: All versions

MT6785: All versions

MT6833: All versions

MT6853: All versions

MT6873: All versions

MT6877: All versions

MT6885: All versions

MT6893: All versions

MT8167: All versions

MT8168: All versions

MT8173: All versions

MT8175: All versions

MT8185: All versions

MT8321: All versions

MT8362A: All versions

MT8365: All versions

MT8385: All versions

MT8765: All versions

MT8766: All versions

MT8768: All versions

MT8786: All versions

MT8788: All versions

MT8789: All versions

MT8791: All versions

MT8797: All versions

CPE2.3

External links

https://corp.mediatek.com/product-security-bulletin/February-2022

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Out-of-bounds read

EUVDB-ID: #VU73010

Risk: Low

CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-20033

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local privileged application to gain access to sensitive information.

The vulnerability exists due to an incorrect bounds check within camera driver. A local privileged application can gain access to sensitive information.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

MT6739: All versions

MT6761: All versions

MT6765: All versions

MT6768: All versions

MT6771: All versions

MT6779: All versions

MT6781: All versions

MT6833: All versions

MT6853: All versions

MT6853T: All versions

MT6873: All versions

MT6877: All versions

MT6883: All versions

MT6885: All versions

MT6889: All versions

MT6893: All versions

MT8167: All versions

MT8168: All versions

MT8173: All versions

MT8362A: All versions

MT8365: All versions

CPE2.3

External links

https://corp.mediatek.com/product-security-bulletin/February-2022

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Out-of-bounds read

EUVDB-ID: #VU73009

Risk: Low

CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-20032

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local privileged application to gain access to sensitive information.

The vulnerability exists due to a race condition within vow driver. A local privileged application can gain access to sensitive information.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

MT6781: All versions

MT6785: All versions

MT6833: All versions

MT6853: All versions

MT6853T: All versions

MT6873: All versions

MT6877: All versions

MT6883: All versions

MT6885: All versions

MT6889: All versions

MT6891: All versions

MT6893: All versions

MT8185: All versions

MT8789: All versions

MT8791: All versions

MT8797: All versions

CPE2.3

External links

https://corp.mediatek.com/product-security-bulletin/February-2022

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Use After Free

EUVDB-ID: #VU73008

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-20031

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to a use after free within fb driver. A local application can execute arbitrary code.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

MT6580: All versions

MT6582E: All versions

MT6582H: All versions

MT6582T: All versions

MT6582W: All versions

MT6582_90: All versions

MT6589: All versions

MT6589TD: All versions

MT6592E: All versions

MT6592H: All versions

MT6592T: All versions

MT6592W: All versions

MT6592_90: All versions

MT6595: All versions

MT6731: All versions

MT6732: All versions

MT6735: All versions

MT6737: All versions

MT6739: All versions

MT6750: All versions

MT6750S: All versions

MT6752: All versions

MT6753: All versions

MT6755: All versions

MT6755S: All versions

MT6757: All versions

MT6757C: All versions

MT6757CD: All versions

MT6757CH: All versions

MT6758: All versions

MT6761: All versions

MT6762: All versions

MT6763: All versions

MT6765: All versions

MT6768: All versions

MT6769: All versions

MT6771: All versions

MT6779: All versions

MT6781: All versions

MT6785: All versions

MT6795: All versions

MT6797: All versions

MT6799: All versions

MT6833: All versions

MT6853: All versions

MT6853T: All versions

MT6873: All versions

MT6875: All versions

MT6877: All versions

MT6883: All versions

MT6885: All versions

MT6889: All versions

MT6891: All versions

MT6893: All versions

CPE2.3

External links

https://corp.mediatek.com/product-security-bulletin/February-2022

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Stack-based buffer overflow

EUVDB-ID: #VU73007

Risk: Low

CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-20030

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

Description

The vulnerability allows a local privileged application to execute arbitrary code.

The vulnerability exists due to a stack within vow driver. A local privileged application can execute arbitrary code.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

MT6781: All versions

MT6785: All versions

MT6833: All versions

MT6853: All versions

MT6853T: All versions

MT6873: All versions

MT6877: All versions

MT6883: All versions

MT6885: All versions

MT6889: All versions

MT6891: All versions

MT6893: All versions

MT8185: All versions

MT8789: All versions

MT8791: All versions

MT8797: All versions

CPE2.3

External links

https://corp.mediatek.com/product-security-bulletin/February-2022

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Out-of-bounds read

EUVDB-ID: #VU73006

Risk: Low

CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-20029

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local privileged application to gain access to sensitive information.

The vulnerability exists due to an incorrect bounds check within cmdq driver. A local privileged application can gain access to sensitive information.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

MT6761: All versions

MT6762: All versions

MT6763: All versions

MT6765: All versions

MT6768: All versions

MT6769: All versions

MT6771: All versions

MT6779: All versions

MT6785: All versions

MT6833: All versions

MT6853: All versions

MT6853T: All versions

MT6873: All versions

MT6875: All versions

MT6877: All versions

MT6883: All versions

MT6885: All versions

MT6889: All versions

MT6891: All versions

MT6893: All versions

MT8163: All versions

MT8167: All versions

MT8168: All versions

MT8173: All versions

MT8175: All versions

MT8183: All versions

MT8321: All versions

MT8362A: All versions

MT8365: All versions

MT8385: All versions

MT8735B: All versions

MT8765: All versions

MT8766: All versions

MT8768: All versions

MT8786: All versions

MT8788: All versions

MT8791: All versions

MT8797: All versions

CPE2.3

External links

https://corp.mediatek.com/product-security-bulletin/February-2022

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) Write-what-where Condition

EUVDB-ID: #VU73005

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-20028

CWE-ID: CWE-123 - Write-what-where Condition

Exploit availability: No

Description

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to a missing bounds check within Bluetooth. A local application can execute arbitrary code.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

MT8167: All versions

MT8175: All versions

MT8183: All versions

MT8362A: All versions

MT8365: All versions

MT8385: All versions

CPE2.3

External links

https://corp.mediatek.com/product-security-bulletin/February-2022

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Write-what-where Condition

EUVDB-ID: #VU73004

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-20027

CWE-ID: CWE-123 - Write-what-where Condition

Exploit availability: No

Description

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to a missing bounds check within Bluetooth. A local application can execute arbitrary code.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

MT8167: All versions

MT8175: All versions

MT8183: All versions

MT8362A: All versions

MT8365: All versions

MT8385: All versions

CPE2.3

External links

https://corp.mediatek.com/product-security-bulletin/February-2022

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) Heap-based Buffer Overflow

EUVDB-ID: #VU73003

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-20026

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to a missing bounds check within Bluetooth. A local application can execute arbitrary code.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

MT8167: All versions

MT8175: All versions

MT8183: All versions

MT8362A: All versions

MT8365: All versions

MT8385: All versions

CPE2.3

External links

https://corp.mediatek.com/product-security-bulletin/February-2022

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) Stack-based buffer overflow

EUVDB-ID: #VU73002

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-20025

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

Description

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to a missing bounds check within Bluetooth. A local application can execute arbitrary code.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

MT8167: All versions

MT8175: All versions

MT8183: All versions

MT8362A: All versions

MT8365: All versions

MT8385: All versions

CPE2.3

External links

https://corp.mediatek.com/product-security-bulletin/February-2022

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.