#VU67846 Buffer overflow in MediaTek products - CVE-2022-32591

Vulnerability identifier: #VU67846

Vulnerability risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2022-32591

CWE-ID: CWE-119

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
MT6580
Mobile applications / Mobile firmware & hardware
MT6739
Mobile applications / Mobile firmware & hardware
MT6753
Mobile applications / Mobile firmware & hardware
MT6757
Mobile applications / Mobile firmware & hardware
MT6761
Mobile applications / Mobile firmware & hardware
MT6762
Mobile applications / Mobile firmware & hardware
MT6763
Mobile applications / Mobile firmware & hardware
MT6765
Mobile applications / Mobile firmware & hardware
MT6768
Mobile applications / Mobile firmware & hardware
MT6789
Mobile applications / Mobile firmware & hardware
MT6833
Mobile applications / Mobile firmware & hardware
MT6855
Mobile applications / Mobile firmware & hardware
MT6879
Mobile applications / Mobile firmware & hardware
MT6895
Mobile applications / Mobile firmware & hardware
MT6983
Mobile applications / Mobile firmware & hardware
MT8321
Mobile applications / Mobile firmware & hardware
MT8385
Mobile applications / Mobile firmware & hardware
MT8666
Mobile applications / Mobile firmware & hardware
MT8675
Mobile applications / Mobile firmware & hardware
MT8765
Mobile applications / Mobile firmware & hardware
MT8766
Mobile applications / Mobile firmware & hardware
MT8768
Mobile applications / Mobile firmware & hardware
MT8786
Mobile applications / Mobile firmware & hardware
MT8788
Mobile applications / Mobile firmware & hardware
MT8789
Mobile applications / Mobile firmware & hardware
MT8791
Mobile applications / Mobile firmware & hardware
MT6779
Hardware solutions / Firmware
MT6781
Hardware solutions / Firmware
MT6785
Hardware solutions / Firmware
MT6853
Hardware solutions / Firmware
MT6853T
Hardware solutions / Firmware
MT6873
Hardware solutions / Firmware
MT6875
Hardware solutions / Firmware
MT6877
Hardware solutions / Firmware
MT6885
Hardware solutions / Firmware
MT6893
Hardware solutions / Firmware
MT8797
Hardware solutions / Firmware

Vendor: MediaTek

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error within the ril component. A remote attacker can send specially crafted traffic to the device, trigger memory corruption and perform a denial of service (DoS) attack.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

MT6580: All versions

MT6739: All versions

MT6753: All versions

MT6757: All versions

MT6761: All versions

MT6762: All versions

MT6763: All versions

MT6765: All versions

MT6768: All versions

MT6779: All versions

MT6781: All versions

MT6785: All versions

MT6789: All versions

MT6833: All versions

MT6853: All versions

MT6853T: All versions

MT6855: All versions

MT6873: All versions

MT6875: All versions

MT6877: All versions

MT6879: All versions

MT6885: All versions

MT6893: All versions

MT6895: All versions

MT6983: All versions

MT8321: All versions

MT8385: All versions

MT8666: All versions

MT8675: All versions

MT8765: All versions

MT8766: All versions

MT8768: All versions

MT8786: All versions

MT8788: All versions

MT8789: All versions

MT8791: All versions

MT8797: All versions

---

External links
https://corp.mediatek.com/product-security-bulletin/October-2022

---

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.