Integer overflow in MediaTek products

#VU73080 Integer overflow in MediaTek products

Cybersecurity Help s.r.o.

Published: 2023-03-07

Vulnerability identifier: #VU73080

Vulnerability risk: Low

CVSSv3.1: 2 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-20107

CWE-ID: CWE-190

Exploitation vector: Local

Exploit availability: No

Vendor: MediaTek

Description

The vulnerability allows a local privileged application to perform service disruption.

The vulnerability exists due to an integer overflow within subtitle service. A local privileged application can perform service disruption.

Mitigation
Install security update from vendor's website.

Vulnerable software versions

MT9011: All versions

MT9215: All versions

MT9216: All versions

MT9220: All versions

MT9221: All versions

MT9255: All versions

MT9256: All versions

MT9266: All versions

MT9269: All versions

MT9285: All versions

MT9286: All versions

MT9288: All versions

MT9600: All versions

MT9602: All versions

MT9610: All versions

MT9611: All versions

MT9612: All versions

MT9613: All versions

MT9615: All versions

MT9617: All versions

MT9629: All versions

MT9630: All versions

MT9631: All versions

MT9632: All versions

MT9636: All versions

MT9638: All versions

MT9639: All versions

MT9650: All versions

MT9652: All versions

MT9666: All versions

MT9669: All versions

MT9670: All versions

MT9675: All versions

MT9685: All versions

MT9686: All versions

MT9688: All versions

External links
http://corp.mediatek.com/product-security-bulletin/May-2022

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in MediaTek chipsets