Multiple vulnerabilities in MediaTek chipsets

Published: 2022-04-07 | Updated: 2023-03-07

Risk	Medium
Patch available	YES
Number of vulnerabilities	22
CVE-ID	CVE-2022-20071 CVE-2022-20080 CVE-2022-20079 CVE-2022-20078 CVE-2022-20077 CVE-2022-20076 CVE-2022-20075 CVE-2022-20074 CVE-2022-20073 CVE-2022-20072 CVE-2022-20070 CVE-2022-20081 CVE-2022-20069 CVE-2022-20068 CVE-2022-20052 CVE-2022-20067 CVE-2022-20066 CVE-2022-20065 CVE-2022-20064 CVE-2022-20063 CVE-2022-20062 CVE-2021-25477
CWE-ID	CWE-358 CWE-362 CWE-20 CWE-755 CWE-190 CWE-125 CWE-191 CWE-697 CWE-295 CWE-61 CWE-416 CWE-787 CWE-415
Exploitation vector	Network
Public exploit	N/A
Vulnerable software Subscribe	MT6833 Mobile applications / Mobile firmware & hardware MT6580 Mobile applications / Mobile firmware & hardware MT6735 Mobile applications / Mobile firmware & hardware MT6737 Mobile applications / Mobile firmware & hardware MT6739 Mobile applications / Mobile firmware & hardware MT6753 Mobile applications / Mobile firmware & hardware MT6757 Mobile applications / Mobile firmware & hardware MT6761 Mobile applications / Mobile firmware & hardware MT6763 Mobile applications / Mobile firmware & hardware MT6765 Mobile applications / Mobile firmware & hardware MT6768 Mobile applications / Mobile firmware & hardware MT6771 Mobile applications / Mobile firmware & hardware MT8168 Mobile applications / Mobile firmware & hardware MT8321 Mobile applications / Mobile firmware & hardware MT8365 Mobile applications / Mobile firmware & hardware MT8666 Mobile applications / Mobile firmware & hardware MT8765 Mobile applications / Mobile firmware & hardware MT8766 Mobile applications / Mobile firmware & hardware MT8768 Mobile applications / Mobile firmware & hardware MT8786 Mobile applications / Mobile firmware & hardware MT8788 Mobile applications / Mobile firmware & hardware MT8791 Mobile applications / Mobile firmware & hardware MT8185 Mobile applications / Mobile firmware & hardware MT8789 Mobile applications / Mobile firmware & hardware MT6731 Mobile applications / Mobile firmware & hardware MT6750S Mobile applications / Mobile firmware & hardware MT6755S Mobile applications / Mobile firmware & hardware MT6757C Mobile applications / Mobile firmware & hardware MT6757CD Mobile applications / Mobile firmware & hardware MT6757CH Mobile applications / Mobile firmware & hardware MT6762 Mobile applications / Mobile firmware & hardware MT6769 Mobile applications / Mobile firmware & hardware MT8127 Mobile applications / Mobile firmware & hardware MT8135 Mobile applications / Mobile firmware & hardware MT8163 Mobile applications / Mobile firmware & hardware MT8167 Mobile applications / Mobile firmware & hardware MT8167S Mobile applications / Mobile firmware & hardware MT8173 Mobile applications / Mobile firmware & hardware MT8175 Mobile applications / Mobile firmware & hardware MT8176 Mobile applications / Mobile firmware & hardware MT8183 Mobile applications / Mobile firmware & hardware MT8312C Mobile applications / Mobile firmware & hardware MT8312D Mobile applications / Mobile firmware & hardware MT8362A Mobile applications / Mobile firmware & hardware MT8382 Mobile applications / Mobile firmware & hardware MT8385 Mobile applications / Mobile firmware & hardware MT8389 Mobile applications / Mobile firmware & hardware MT8392 Mobile applications / Mobile firmware & hardware MT8392_90 Mobile applications / Mobile firmware & hardware MT8665 Mobile applications / Mobile firmware & hardware MT8685 Mobile applications / Mobile firmware & hardware MT8693 Mobile applications / Mobile firmware & hardware MT8735 Mobile applications / Mobile firmware & hardware MT8735B Mobile applications / Mobile firmware & hardware MT8735M Mobile applications / Mobile firmware & hardware MT8752 Mobile applications / Mobile firmware & hardware MT8783 Mobile applications / Mobile firmware & hardware MT8785 Mobile applications / Mobile firmware & hardware MT6879 Mobile applications / Mobile firmware & hardware MT6880 Mobile applications / Mobile firmware & hardware MT6890 Mobile applications / Mobile firmware & hardware MT6895 Mobile applications / Mobile firmware & hardware MT6983 Mobile applications / Mobile firmware & hardware MT6985 Mobile applications / Mobile firmware & hardware MT8667 Mobile applications / Mobile firmware & hardware MT8675 Mobile applications / Mobile firmware & hardware MT8695 Mobile applications / Mobile firmware & hardware MT2601 Mobile applications / Mobile firmware & hardware MT6799 Mobile applications / Mobile firmware & hardware MT8696 Mobile applications / Mobile firmware & hardware MT6755 Mobile applications / Mobile firmware & hardware MT6789 Mobile applications / Mobile firmware & hardware MT6795 Mobile applications / Mobile firmware & hardware MT6797 Mobile applications / Mobile firmware & hardware MT6732 Mobile applications / Mobile firmware & hardware MT6750 Mobile applications / Mobile firmware & hardware MT6752 Mobile applications / Mobile firmware & hardware MT6758 Mobile applications / Mobile firmware & hardware MT8735A Mobile applications / Mobile firmware & hardware MT6757P Mobile applications / Mobile firmware & hardware MT6762D Mobile applications / Mobile firmware & hardware MT6762M Mobile applications / Mobile firmware & hardware MT6765T Mobile applications / Mobile firmware & hardware MT6767 Mobile applications / Mobile firmware & hardware MT6769T Mobile applications / Mobile firmware & hardware MT6769Z Mobile applications / Mobile firmware & hardware MT6783 Mobile applications / Mobile firmware & hardware MT6785T Mobile applications / Mobile firmware & hardware MT6853 Hardware solutions / Firmware MT6873 Hardware solutions / Firmware MT6877 Hardware solutions / Firmware MT6885 Hardware solutions / Firmware MT6893 Hardware solutions / Firmware MT8797 Hardware solutions / Firmware MT6779 Hardware solutions / Firmware MT6781 Hardware solutions / Firmware MT6785 Hardware solutions / Firmware MT6883 Hardware solutions / Firmware MT6889 Hardware solutions / Firmware MT6853T Hardware solutions / Firmware MT6891 Hardware solutions / Firmware MT6875 Hardware solutions / Firmware
Vendor	MediaTek

Security Bulletin

This security bulletin contains information about 22 vulnerabilities.

1) Improperly Implemented Security Check for Standard

EUVDB-ID: #VU73045

Risk: Low

CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-20071

CWE-ID: CWE-358 - Improperly Implemented Security Check for Standard

Exploit availability: No

Description

The vulnerability allows a local privileged application to execute arbitrary code.

The vulnerability exists due to a missing certificate validation within ccu. A local privileged application can execute arbitrary code.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

MT6833: All versions

MT6853: All versions

MT6873: All versions

MT6877: All versions

MT6885: All versions

MT6893: All versions

MT8797: All versions

CPE2.3

External links

http://corp.mediatek.com/product-security-bulletin/April-2022

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

EUVDB-ID: #VU73054

Risk: Low

CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-20080

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local privileged application to execute arbitrary code.

The vulnerability exists due to a race condition within SUB2AF. A local privileged application can execute arbitrary code.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

MT6580: All versions

MT6735: All versions

MT6737: All versions

MT6739: All versions

MT6753: All versions

MT6757: All versions

MT6761: All versions

MT6763: All versions

MT6765: All versions

MT6768: All versions

MT6771: All versions

MT6779: All versions

MT6781: All versions

MT6785: All versions

MT6833: All versions

MT6853: All versions

MT6873: All versions

MT6877: All versions

MT6883: All versions

MT6885: All versions

MT6889: All versions

MT6893: All versions

MT8168: All versions

MT8321: All versions

MT8365: All versions

MT8666: All versions

MT8765: All versions

MT8766: All versions

MT8768: All versions

MT8786: All versions

MT8788: All versions

MT8791: All versions

MT8797: All versions

CPE2.3

External links

http://corp.mediatek.com/product-security-bulletin/April-2022

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Improper Input Validation

EUVDB-ID: #VU73053

Risk: Low

CVSSv3.1: 2 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-20079

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local privileged application to gain access to sensitive information.

The vulnerability exists due to a improper input validation within vow. A local privileged application can gain access to sensitive information.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

MT6781: All versions

MT6785: All versions

MT6833: All versions

MT6853: All versions

MT6853T: All versions

MT6873: All versions

MT6877: All versions

MT6883: All versions

MT6885: All versions

MT6889: All versions

MT6891: All versions

MT6893: All versions

MT8185: All versions

MT8789: All versions

MT8791: All versions

MT8797: All versions

CPE2.3

External links

http://corp.mediatek.com/product-security-bulletin/April-2022

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

EUVDB-ID: #VU73052

Risk: Low

CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-20078

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local privileged application to execute arbitrary code.

The vulnerability exists due to a race condition within vow. A local privileged application can execute arbitrary code.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

MT6833: All versions

MT6853: All versions

MT6853T: All versions

MT6873: All versions

MT6877: All versions

MT6883: All versions

MT6885: All versions

MT6889: All versions

MT6891: All versions

MT6893: All versions

MT8791: All versions

MT8797: All versions

CPE2.3

External links

http://corp.mediatek.com/product-security-bulletin/April-2022

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

EUVDB-ID: #VU73051

Risk: Low

CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-20077

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local privileged application to execute arbitrary code.

The vulnerability exists due to a race condition within vow. A local privileged application can execute arbitrary code.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

MT6781: All versions

MT6785: All versions

MT6833: All versions

MT6853: All versions

MT6853T: All versions

MT6873: All versions

MT6877: All versions

MT6883: All versions

MT6885: All versions

MT6889: All versions

MT6891: All versions

MT6893: All versions

MT8185: All versions

MT8789: All versions

MT8791: All versions

MT8797: All versions

CPE2.3

External links

http://corp.mediatek.com/product-security-bulletin/April-2022

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Improper Handling of Exceptional Conditions

EUVDB-ID: #VU73050

Risk: Low

CVSSv3.1: 2 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-20076

CWE-ID: CWE-755 - Improper Handling of Exceptional Conditions

Exploit availability: No

Description

The vulnerability allows a local privileged application to gain access to sensitive information.

The vulnerability exists due to an incorrect error handling within ged. A local privileged application can gain access to sensitive information.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

MT6580: All versions

MT6731: All versions

MT6735: All versions

MT6750S: All versions

MT6753: All versions

MT6755S: All versions

MT6757: All versions

MT6757C: All versions

MT6757CD: All versions

MT6757CH: All versions

MT6761: All versions

MT6762: All versions

MT6763: All versions

MT6765: All versions

MT6768: All versions

MT6769: All versions

MT6771: All versions

MT6779: All versions

MT6781: All versions

MT6785: All versions

MT6833: All versions

MT6853: All versions

MT6853T: All versions

MT6873: All versions

MT6875: All versions

MT6877: All versions

MT6883: All versions

MT6885: All versions

MT6889: All versions

MT6891: All versions

MT6893: All versions

MT8127: All versions

MT8135: All versions

MT8163: All versions

MT8167: All versions

MT8167S: All versions

MT8168: All versions

MT8173: All versions

MT8175: All versions

MT8176: All versions

MT8183: All versions

MT8312C: All versions

MT8312D: All versions

MT8321: All versions

MT8362A: All versions

MT8365: All versions

MT8382: All versions

MT8385: All versions

MT8389: All versions

MT8392: All versions

MT8392_90: All versions

MT8665: All versions

MT8685: All versions

MT8693: All versions

MT8735: All versions

MT8735B: All versions

MT8735M: All versions

MT8752: All versions

MT8765: All versions

MT8783: All versions

MT8785: All versions

MT8788: All versions

CPE2.3

External links

http://corp.mediatek.com/product-security-bulletin/April-2022

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Integer overflow

EUVDB-ID: #VU73049

Risk: Low

CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-20075

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a local privileged application to execute arbitrary code.

The vulnerability exists due to an integer overflow within ged. A local privileged application can execute arbitrary code.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

MT6580: All versions

MT6731: All versions

MT6735: All versions

MT6750S: All versions

MT6753: All versions

MT6755S: All versions

MT6757: All versions

MT6757C: All versions

MT6757CD: All versions

MT6757CH: All versions

MT6761: All versions

MT6762: All versions

MT6763: All versions

MT6765: All versions

MT6768: All versions

MT6769: All versions

MT6771: All versions

MT6779: All versions

MT6781: All versions

MT6785: All versions

MT6833: All versions

MT6853: All versions

MT6853T: All versions

MT6873: All versions

MT6875: All versions

MT6877: All versions

MT6883: All versions

MT6885: All versions

MT6889: All versions

MT6891: All versions

MT6893: All versions

MT8127: All versions

MT8135: All versions

MT8163: All versions

MT8167: All versions

MT8167S: All versions

MT8168: All versions

MT8173: All versions

MT8175: All versions

MT8176: All versions

MT8183: All versions

MT8312C: All versions

MT8312D: All versions

MT8321: All versions

MT8362A: All versions

MT8365: All versions

MT8382: All versions

MT8385: All versions

MT8389: All versions

MT8392: All versions

MT8392_90: All versions

MT8665: All versions

MT8685: All versions

MT8693: All versions

MT8735: All versions

MT8735B: All versions

MT8735M: All versions

MT8752: All versions

MT8765: All versions

MT8783: All versions

MT8785: All versions

MT8788: All versions

CPE2.3

External links

http://corp.mediatek.com/product-security-bulletin/April-2022

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Out-of-bounds read

EUVDB-ID: #VU73048

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-20074

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to a missing bounds check within preloader (partition). A local application can execute arbitrary code.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

MT6761: All versions

MT6762: All versions

MT6763: All versions

MT6765: All versions

MT6768: All versions

MT6769: All versions

MT6779: All versions

MT6833: All versions

MT6853: All versions

MT6853T: All versions

MT6873: All versions

MT6875: All versions

MT6877: All versions

MT6879: All versions

MT6880: All versions

MT6883: All versions

MT6885: All versions

MT6889: All versions

MT6890: All versions

MT6891: All versions

MT6893: All versions

MT6895: All versions

MT6983: All versions

MT6985: All versions

MT8185: All versions

MT8321: All versions

MT8385: All versions

MT8667: All versions

MT8675: All versions

MT8695: All versions

MT8766: All versions

MT8768: All versions

MT8786: All versions

MT8788: All versions

MT8789: All versions

MT8791: All versions

MT8797: All versions

CPE2.3

External links

http://corp.mediatek.com/product-security-bulletin/April-2022

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Integer underflow

EUVDB-ID: #VU73047

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-20073

CWE-ID: CWE-191 - Integer underflow

Exploit availability: No

Description

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to a integer underflow within preloader (usb). A local application can execute arbitrary code.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

MT2601: All versions

MT6580: All versions

MT6735: All versions

MT6739: All versions

MT6761: All versions

MT6763: All versions

MT6765: All versions

MT6768: All versions

MT6771: All versions

MT6779: All versions

MT6781: All versions

MT6785: All versions

MT6799: All versions

MT6833: All versions

MT6873: All versions

MT6877: All versions

MT6885: All versions

MT6893: All versions

MT8163: All versions

MT8167: All versions

MT8167S: All versions

MT8168: All versions

MT8173: All versions

MT8175: All versions

MT8183: All versions

MT8185: All versions

MT8321: All versions

MT8362A: All versions

MT8365: All versions

MT8385: All versions

MT8666: All versions

MT8667: All versions

MT8675: All versions

MT8695: All versions

MT8696: All versions

MT8765: All versions

MT8766: All versions

MT8768: All versions

MT8786: All versions

MT8788: All versions

MT8789: All versions

MT8791: All versions

MT8797: All versions

CPE2.3

External links

http://corp.mediatek.com/product-security-bulletin/April-2022

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Incorrect Comparison

EUVDB-ID: #VU73046

Risk: Low

CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-20072

CWE-ID: CWE-697 - Incorrect Comparison

Exploit availability: No

Description

The vulnerability allows a local privileged application to execute arbitrary code.

The vulnerability exists due to an incorrect comparison within search engine service. A local privileged application can execute arbitrary code.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

MT6580: All versions

MT6735: All versions

MT6737: All versions

MT6739: All versions

MT6753: All versions

MT6755: All versions

MT6755S: All versions

MT6761: All versions

MT6765: All versions

MT6768: All versions

MT6769: All versions

MT6771: All versions

MT6779: All versions

MT6781: All versions

MT6785: All versions

MT6789: All versions

MT6795: All versions

MT6797: All versions

MT6799: All versions

MT6833: All versions

MT6853: All versions

MT6853T: All versions

MT6873: All versions

MT6875: All versions

MT6877: All versions

MT6879: All versions

MT6880: All versions

MT6883: All versions

MT6885: All versions

MT6889: All versions

MT6890: All versions

MT6891: All versions

MT6893: All versions

MT6895: All versions

MT6983: All versions

MT6985: All versions

MT8167: All versions

MT8167S: All versions

MT8168: All versions

MT8173: All versions

MT8175: All versions

MT8183: All versions

MT8185: All versions

MT8321: All versions

MT8362A: All versions

MT8365: All versions

MT8385: All versions

MT8675: All versions

MT8765: All versions

MT8766: All versions

MT8768: All versions

MT8786: All versions

MT8788: All versions

MT8791: All versions

MT8797: All versions

CPE2.3

External links

http://corp.mediatek.com/product-security-bulletin/April-2022

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Improper Input Validation

EUVDB-ID: #VU73044

Risk: Low

CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-20070

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local privileged application to execute arbitrary code.

The vulnerability exists due to a missing bounds check within ssmr. A local privileged application can execute arbitrary code.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

MT6731: All versions

MT6732: All versions

MT6735: All versions

MT6737: All versions

MT6739: All versions

MT6750: All versions

MT6750S: All versions

MT6752: All versions

MT6753: All versions

MT6755: All versions

MT6755S: All versions

MT6757: All versions

MT6757C: All versions

MT6757CD: All versions

MT6757CH: All versions

MT6758: All versions

MT6761: All versions

MT6762: All versions

MT6763: All versions

MT6765: All versions

MT6768: All versions

MT6769: All versions

MT6771: All versions

MT6779: All versions

MT6781: All versions

MT6785: All versions

MT6789: All versions

MT6795: All versions

MT6797: All versions

MT6799: All versions

MT6833: All versions

MT6853: All versions

MT6853T: All versions

MT6873: All versions

MT6875: All versions

MT6877: All versions

MT6879: All versions

MT6880: All versions

MT6883: All versions

MT6885: All versions

MT6889: All versions

MT6890: All versions

MT6891: All versions

MT6893: All versions

MT6895: All versions

MT6983: All versions

MT6985: All versions

CPE2.3

External links

http://corp.mediatek.com/product-security-bulletin/April-2022

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Improper Certificate Validation

EUVDB-ID: #VU62000

Risk: Medium

CVSSv3.1: 4.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-20081

CWE-ID: CWE-295 - Improper Certificate Validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform MitM attack.

The vulnerability exists due to improper improper certificate validation in A-GPS. A remote attacker can perform MitM attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

MT6580: All versions

MT6735: All versions

MT6737: All versions

MT6739: All versions

MT6753: All versions

MT6761: All versions

MT6765: All versions

MT6768: All versions

MT6771: All versions

MT6779: All versions

MT6781: All versions

MT6785: All versions

MT6833: All versions

MT6853: All versions

MT6873: All versions

MT6877: All versions

MT6879: All versions

MT6883: All versions

MT6885: All versions

MT6889: All versions

MT6893: All versions

MT6895: All versions

MT6983: All versions

MT8666: All versions

MT8667: All versions

MT8675: All versions

CPE2.3

External links

http://corp.mediatek.com/product-security-bulletin/April-2022

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Integer overflow

EUVDB-ID: #VU73043

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-20069

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to an integer overflow within preloader (usb). A local application can execute arbitrary code.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

MT6580: All versions

MT6735: All versions

MT6739: All versions

MT6761: All versions

MT6762: All versions

MT6763: All versions

MT6765: All versions

MT6768: All versions

MT6769: All versions

MT6771: All versions

MT6779: All versions

MT6781: All versions

MT6785: All versions

MT6799: All versions

MT6833: All versions

MT6853: All versions

MT6853T: All versions

MT6873: All versions

MT6877: All versions

MT6885: All versions

MT6893: All versions

MT6983: All versions

MT8167: All versions

MT8167S: All versions

MT8168: All versions

MT8173: All versions

MT8175: All versions

MT8183: All versions

MT8185: All versions

MT8321: All versions

MT8362A: All versions

MT8365: All versions

MT8385: All versions

MT8666: All versions

MT8667: All versions

MT8675: All versions

MT8695: All versions

MT8696: All versions

MT8765: All versions

MT8766: All versions

MT8768: All versions

MT8786: All versions

MT8788: All versions

MT8789: All versions

MT8791: All versions

MT8797: All versions

CPE2.3

External links

http://corp.mediatek.com/product-security-bulletin/April-2022

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) UNIX Symbolic Link (Symlink) Following

EUVDB-ID: #VU73042

Risk: Low

CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-20068

CWE-ID: CWE-61 - UNIX Symbolic Link (Symlink) Following

Exploit availability: No

Description

The vulnerability allows a local privileged application to execute arbitrary code.

The vulnerability exists due to an improper link resolution within mobile_log_d. A local privileged application can execute arbitrary code.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

MT6731: All versions

MT6732: All versions

MT6735: All versions

MT6737: All versions

MT6739: All versions

MT6761: All versions

MT6762: All versions

MT6763: All versions

MT6765: All versions

MT6768: All versions

MT6769: All versions

MT6771: All versions

MT6779: All versions

MT6781: All versions

MT6785: All versions

MT6795: All versions

MT6799: All versions

MT6833: All versions

MT6853T: All versions

MT6873: All versions

MT6875: All versions

MT6877: All versions

MT6880: All versions

MT6883: All versions

MT6885: All versions

MT6889: All versions

MT6890: All versions

MT6891: All versions

MT6893: All versions

MT6985: All versions

MT8163: All versions

MT8167: All versions

MT8167S: All versions

MT8168: All versions

MT8173: All versions

MT8175: All versions

MT8183: All versions

MT8185: All versions

MT8321: All versions

MT8362A: All versions

MT8365: All versions

MT8385: All versions

MT8666: All versions

MT8667: All versions

MT8675: All versions

MT8735A: All versions

MT8735B: All versions

MT8765: All versions

MT8766: All versions

MT8768: All versions

MT8786: All versions

MT8788: All versions

MT8789: All versions

MT8791: All versions

MT8797: All versions

CPE2.3

External links

http://corp.mediatek.com/product-security-bulletin/April-2022

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Use After Free

EUVDB-ID: #VU73041

Risk: Low

CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-20052

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local privileged application to execute arbitrary code.

The vulnerability exists due to a use after free within mdp. A local privileged application can execute arbitrary code.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

MT6580: All versions

MT6735: All versions

MT6737: All versions

MT6739: All versions

MT6750: All versions

MT6753: All versions

MT6755: All versions

MT6762: All versions

MT6763: All versions

MT6765: All versions

MT6768: All versions

MT6769: All versions

MT6771: All versions

MT6779: All versions

MT6781: All versions

MT6785: All versions

MT6833: All versions

MT6853: All versions

MT6853T: All versions

MT6873: All versions

MT6877: All versions

MT6885: All versions

MT6890: All versions

MT6891: All versions

MT6893: All versions

MT8163: All versions

MT8167: All versions

MT8167S: All versions

MT8168: All versions

MT8173: All versions

MT8175: All versions

MT8183: All versions

MT8321: All versions

MT8362A: All versions

MT8365: All versions

MT8385: All versions

MT8666: All versions

MT8667: All versions

MT8735A: All versions

MT8735B: All versions

MT8765: All versions

MT8766: All versions

MT8768: All versions

MT8786: All versions

MT8788: All versions

CPE2.3

External links

http://corp.mediatek.com/product-security-bulletin/April-2022

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Improper Input Validation

EUVDB-ID: #VU73040

Risk: Low

CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-20067

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local privileged application to execute arbitrary code.

The vulnerability exists due to a missing bounds check within mdp. A local privileged application can execute arbitrary code.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

MT6731: All versions

MT6735: All versions

MT6739: All versions

MT6750: All versions

MT6755: All versions

MT6755S: All versions

MT6757: All versions

MT6761: All versions

MT6762: All versions

MT6763: All versions

MT6765: All versions

MT6768: All versions

MT6769: All versions

MT6771: All versions

MT6779: All versions

MT6785: All versions

MT6833: All versions

MT6853: All versions

MT6853T: All versions

MT6873: All versions

MT6885: All versions

MT6891: All versions

MT6893: All versions

MT8167: All versions

MT8167S: All versions

MT8168: All versions

MT8173: All versions

MT8183: All versions

MT8185: All versions

MT8321: All versions

MT8362A: All versions

MT8365: All versions

MT8385: All versions

MT8666: All versions

MT8667: All versions

MT8675: All versions

MT8735A: All versions

MT8735B: All versions

MT8765: All versions

MT8766: All versions

MT8768: All versions

MT8786: All versions

MT8788: All versions

MT8789: All versions

MT8791: All versions

MT8797: All versions

CPE2.3

External links

http://corp.mediatek.com/product-security-bulletin/April-2022

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Improper Handling of Exceptional Conditions

EUVDB-ID: #VU73039

Risk: Low

CVSSv3.1: 2 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-20066

CWE-ID: CWE-755 - Improper Handling of Exceptional Conditions

Exploit availability: No

Description

The vulnerability allows a local privileged application to gain access to sensitive information.

The vulnerability exists due to incorrect error handling within atf (hwfde). A local privileged application can gain access to sensitive information.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

MT8168: All versions

MT8365: All versions

MT8696: All versions

MT6580: All versions

MT6739: All versions

MT6761: All versions

MT6765: All versions

MT6769: All versions

MT6771: All versions

MT6785: All versions

MT6833: All versions

MT6873: All versions

MT6875: All versions

MT6877: All versions

MT6891: All versions

MT8666: All versions

MT8667: All versions

MT8766: All versions

MT8768: All versions

MT8788: All versions

CPE2.3

External links

http://corp.mediatek.com/product-security-bulletin/April-2022
http://corp.mediatek.com/product-security-bulletin/May-2022

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Out-of-bounds read

EUVDB-ID: #VU73038

Risk: Low

CVSSv3.1: 2 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-20065

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local privileged application to gain access to sensitive information.

The vulnerability exists due to a missing bounds check within ccci. A local privileged application can gain access to sensitive information.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

MT6580: All versions

MT6737: All versions

MT6739: All versions

MT6761: All versions

MT6762: All versions

MT6765: All versions

MT6768: All versions

MT6769: All versions

MT6779: All versions

MT6781: All versions

MT6785: All versions

MT6833: All versions

MT6873: All versions

MT6875: All versions

MT6877: All versions

MT6883: All versions

MT6885: All versions

MT6889: All versions

MT6983: All versions

MT8321: All versions

MT8667: All versions

MT8675: All versions

MT8765: All versions

MT8766: All versions

MT8768: All versions

MT8786: All versions

MT8788: All versions

MT8789: All versions

MT8797: All versions

CPE2.3

External links

http://corp.mediatek.com/product-security-bulletin/April-2022

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Out-of-bounds read

EUVDB-ID: #VU73037

Risk: Low

CVSSv3.1: 2 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-20064

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local privileged application to gain access to sensitive information.

The vulnerability exists due to an incorrect bounds check within ccci. A local privileged application can gain access to sensitive information.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

MT6580: All versions

MT6737: All versions

MT6739: All versions

MT6761: All versions

MT6762: All versions

MT6763: All versions

MT6765: All versions

MT6768: All versions

MT6769: All versions

MT6779: All versions

MT6781: All versions

MT6785: All versions

MT6789: All versions

MT6833: All versions

MT6853: All versions

MT6873: All versions

MT6875: All versions

MT6877: All versions

MT6879: All versions

MT6883: All versions

MT6885: All versions

MT6889: All versions

MT6893: All versions

MT6895: All versions

MT6983: All versions

MT6985: All versions

MT8321: All versions

MT8667: All versions

MT8675: All versions

MT8765: All versions

MT8766: All versions

MT8768: All versions

MT8786: All versions

MT8788: All versions

MT8789: All versions

MT8797: All versions

CPE2.3

External links

http://corp.mediatek.com/product-security-bulletin/April-2022

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Out-of-bounds write

EUVDB-ID: #VU73036

Risk: Low

CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-20063

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a local privileged application to execute arbitrary code.

The vulnerability exists due to a missing bounds check within atf (spm). A local privileged application can execute arbitrary code.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

MT6765: All versions

MT8385: All versions

MT8666: All versions

MT8667: All versions

MT8766: All versions

MT8786: All versions

MT8788: All versions

CPE2.3

External links

http://corp.mediatek.com/product-security-bulletin/April-2022

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) Use After Free

EUVDB-ID: #VU73035

Risk: Low

CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-20062

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local privileged application to execute arbitrary code.

The vulnerability exists due to a use after free within mdp. A local privileged application can execute arbitrary code.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

MT6765: All versions

MT6785: All versions

MT6833: All versions

MT6853: All versions

MT6853T: All versions

MT6873: All versions

MT6877: All versions

MT6879: All versions

MT6885: All versions

MT6891: All versions

MT6893: All versions

MT8163: All versions

MT8167: All versions

MT8167S: All versions

MT8168: All versions

MT8173: All versions

MT8175: All versions

MT8183: All versions

MT8185: All versions

MT8321: All versions

MT8362A: All versions

MT8365: All versions

MT8385: All versions

MT8666: All versions

MT8667: All versions

MT8675: All versions

MT8735A: All versions

MT8735B: All versions

MT8765: All versions

MT8766: All versions

MT8768: All versions

MT8786: All versions

MT8788: All versions

MT8789: All versions

MT8791: All versions

MT8797: All versions

CPE2.3

External links

http://corp.mediatek.com/product-security-bulletin/April-2022

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Double Free

EUVDB-ID: #VU62001

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-25477

CWE-ID: CWE-415 - Double Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a double free error within the Modem LTE RRC when decoding an incorrect ASN.1 data. A remote attacker can pass specially crafted data to the system, trigger a double free error and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

MT6735: All versions

MT6737: All versions

MT6739: All versions

MT6750S: All versions

MT6757: All versions

MT6757P: All versions

MT6761: All versions

MT6762: All versions

MT6762D: All versions

MT6762M: All versions

MT6763: All versions

MT6765: All versions

MT6765T: All versions

MT6767: All versions

MT6768: All versions

MT6769: All versions

MT6769T: All versions

MT6769Z: All versions

MT6771: All versions

MT6779: All versions

MT6781: All versions

MT6783: All versions

MT6785: All versions

MT6785T: All versions

MT6833: All versions

MT6853: All versions

MT6873: All versions

MT6875: All versions

MT6877: All versions

MT6880: All versions

MT6883: All versions

MT6885: All versions

MT6889: All versions

MT6890: All versions

MT6891: All versions

MT6893: All versions

MT8666: All versions

MT8667: All versions

MT8675: All versions

MT8735A: All versions

MT8735B: All versions

MT8765: All versions

MT8766: All versions

MT8768: All versions

MT8786: All versions

MT8788: All versions

MT8789: All versions

MT8791: All versions

MT8797: All versions

CPE2.3

External links

http://corp.mediatek.com/product-security-bulletin/April-2022

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.