SB2022070819 - Multiple vulnerabilities in MediaTek chipsets
Published: July 8, 2022
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 27 secuirty vulnerabilities.
1) Race condition (CVE-ID: CVE-2022-21774)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a race condition in TEEI driver. A local application can exploit the race and escalate privileges on the system.
2) Out-of-bounds write (CVE-ID: CVE-2022-21787)
The vulnerability allows a malicious application to escalate privileges on the system.
The vulnerability exists due to a boundary error in audio DSP. A malicious application can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.
3) Type conversion (CVE-ID: CVE-2022-21786)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a type conversion error in audio DSP. A local application can trigger memory corruption and execute arbitrary code with elevated privileges.
4) Out-of-bounds write (CVE-ID: CVE-2022-21785)
The vulnerability allows a malicious application to escalate privileges on the system.
The vulnerability exists due to a boundary error in WLAN driver. A malicious application can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.
5) Out-of-bounds write (CVE-ID: CVE-2022-21784)
The vulnerability allows a malicious application to escalate privileges on the system.
The vulnerability exists due to a boundary error in WLAN driver. A malicious application can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.
6) Out-of-bounds write (CVE-ID: CVE-2022-21783)
The vulnerability allows a malicious application to escalate privileges on the system.
The vulnerability exists due to a boundary error in WLAN driver. A malicious application can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.
7) Out-of-bounds write (CVE-ID: CVE-2022-21782)
The vulnerability allows a malicious application to escalate privileges on the system.
The vulnerability exists due to a boundary error in WLAN driver. A malicious application can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.
8) Out-of-bounds write (CVE-ID: CVE-2022-21781)
The vulnerability allows a malicious application to escalate privileges on the system.
The vulnerability exists due to a boundary error in WLAN driver. A malicious application can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.
9) Out-of-bounds write (CVE-ID: CVE-2022-21780)
The vulnerability allows a malicious application to escalate privileges on the system.
The vulnerability exists due to a boundary error in WLAN driver. A malicious application can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.
10) Out-of-bounds write (CVE-ID: CVE-2022-21779)
The vulnerability allows a malicious application to escalate privileges on the system.
The vulnerability exists due to a boundary error in WLAN driver. A malicious application can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.
11) Improper access control (CVE-ID: CVE-2022-21777)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due missing permission check in Autoboot. A local application can execute arbitrary code on the system with elevated privileges.
12) Race condition (CVE-ID: CVE-2022-21776)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a race condition in MDP. A local application can exploit the race and escalate privileges on the system.
13) Use-after-free (CVE-ID: CVE-2022-21775)
The vulnerability allows a local application to execute arbitrary code with elevated privileges.
The vulnerability exists due to a use-after-free error caused by improper locking within the sched driver. A local application can execute arbitrary code with elevated privileges.
14) Race condition (CVE-ID: CVE-2022-21773)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a race condition in TEEI driver. A local application can exploit the race and escalate privileges on the system.
15) Race condition (CVE-ID: CVE-2022-20082)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a race condition in GPU component. A local application can exploit the race to trigger a use-after-free error and escalate privileges on the system.
16) Race condition (CVE-ID: CVE-2022-21772)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a race condition in TEEI driver. A local application can exploit the race and escalate privileges on the system.
17) Race condition (CVE-ID: CVE-2022-21771)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a race condition in GED driver. A local application can exploit the race to trigger a use-after-free error and escalate privileges on the system.
18) UNIX symbolic link following (CVE-ID: CVE-2022-21770)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a symlink following issue. A local application can use a specially crafted symbolic link to a critical file on the system and gain access to sensitive information.
19) Out-of-bounds read (CVE-ID: CVE-2022-21769)
The vulnerability allows a local application to escalate privileges on the system.
20) Out-of-bounds write (CVE-ID: CVE-2022-21766)
The vulnerability allows a local application to escalate privileges on the system.
21) Out-of-bounds write (CVE-ID: CVE-2022-21765)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a boundary error in CCCI. A malicious application can execute arbitrary code with elevated privileges.
22) Heap-based buffer overflow (CVE-ID: CVE-2022-21768)
The vulnerability allows an attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within Bluetooth implementation. A remote attacker with physical proximity to device can trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
23) Heap-based buffer overflow (CVE-ID: CVE-2022-21767)
The vulnerability allows an attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within Bluetooth implementation. A remote attacker with physical proximity to device can trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
24) Out-of-bounds write (CVE-ID: CVE-2022-20083)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error in Modem 2G/3G CC when decoding combined FACILITY. A remote attacker can send specially crafted packets to the device, trigger an out-of-bounds write and execute arbitrary code on the target system.
25) Out-of-bounds write (CVE-ID: CVE-2022-21744)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input in Modem 2G RR when decoding GPRS Packet Neighbour Cell Data (PNCD). A remote attacker can send specially crafted packets to the device, trigger an out-of-bounds write and execute arbitrary code on the target system.
26) Improper access control (CVE-ID: CVE-2022-21764)
The vulnerability allows a local application to gain access to sensitive information.
27) Improper access control (CVE-ID: CVE-2022-21763)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper access restrictions in telecom service. A local application can obtain potentially sensitive information.
Remediation
Install update from vendor's website.