SB2022100344 - Multiple vulnerabilities in MediaTek chipsets

Description

This security bulletin contains information about 11 secuirty vulnerabilities.

1) Deserialization of Untrusted Data (CVE-ID: CVE-2022-26471)

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to insecure input validation when processing serialized data within the telephony service. A local application can pass a specially crafted data to the affected service and execute arbitrary code with elevated privileges.

2) Deserialization of Untrusted Data (CVE-ID: CVE-2022-26472)

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to insecure input validation when processing serialized data within the ims service. A local application can pass a specially crafted data to the affected service and execute arbitrary code with elevated privileges.

3) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-26452)

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to improper locking within the isp component. A local application with System execution permissions can execute arbitrary code.

4) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-26473)

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to improper locking within the vdec fmt component. A local application with System execution permissions can execute arbitrary code.

5) Buffer overflow (CVE-ID: CVE-2022-26474)

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary error in sensorhub. A local application can trigger memory corruption and execute arbitrary code with elevated privileges.

6) Buffer overflow (CVE-ID: CVE-2022-26475)

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary error in WLAN component. A local application can trigger memory corruption and execute arbitrary code with elevated privileges.

7) Improper Resource Shutdown or Release (CVE-ID: CVE-2022-32589)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper resource shutdown or release in Wi-Fi driver. A remote attacker can send specially crafted traffic to the affected device and perform a denial of service (DoS) attack.

8) Use-after-free (CVE-ID: CVE-2022-32590)

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the WLAN component. A local application can trigger a use-after-free error and execute arbitrary code with elevated privileges.

9) Buffer overflow (CVE-ID: CVE-2022-32591)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error within the ril component. A remote attacker can send specially crafted traffic to the device, trigger memory corruption and perform a denial of service (DoS) attack.

10) Input validation error (CVE-ID: CVE-2022-32592)

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to improper input validation within cpu dvfs. A local application can execute arbitrary code with elevated privileges.

11) Out-of-bounds write (CVE-ID: CVE-2022-32593)

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary error within the vowe component. A local application can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.

Remediation

Install update from vendor's website.

References

• https://corp.mediatek.com/product-security-bulletin/October-2022