Lucene search

MediaTekCVE-2022-20079

HistoryApr 11, 2022 - 8:15 p.m.

CVE-2022-20079

2022-04-1120:15:19

CWE-908

MediaTek

web.nvd.nist.gov

cve-2022-20079

vow

uninitialized data

input validation

local information disclosure

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS3

4.4

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

AI Score

4.2

Confidence

High

EPSS

Percentile

5.1%

JSON

In vow, there is a possible read of uninitialized data due to a improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is no needed for exploitation. Patch ID: ALPS05837742; Issue ID: ALPS05857289.

Affected configurations

Nvd

Vulners

Node

mediatekmt6781Match-

mediatekmt6785Match-

mediatekmt6833Match-

mediatekmt6853Match-

mediatekmt6853tMatch-

mediatekmt6873Match-

mediatekmt6877Match-

mediatekmt6883Match-

mediatekmt6885Match-

mediatekmt6889Match-

mediatekmt6891Match-

mediatekmt6893Match-

mediatekmt8185Match-

mediatekmt8789Match-

mediatekmt8791Match-

mediatekmt8797Match-

AND

googleandroidMatch10.0

googleandroidMatch11.0

VendorProductVersionCPE
mediatekmt6781-cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*
mediatekmt6785-cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*
mediatekmt6833-cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*
mediatekmt6853-cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*
mediatekmt6853t-cpe:2.3:h:mediatek:mt6853t:-:*:*:*:*:*:*:*
mediatekmt6873-cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*
mediatekmt6877-cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*
mediatekmt6883-cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*
mediatekmt6885-cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*
mediatekmt6889-cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
mediatek	mt6781	-	cpe:2.3:h:mediatek:mt6781:-:::::::*
mediatek	mt6785	-	cpe:2.3:h:mediatek:mt6785:-:::::::*
mediatek	mt6833	-	cpe:2.3:h:mediatek:mt6833:-:::::::*
mediatek	mt6853	-	cpe:2.3:h:mediatek:mt6853:-:::::::*
mediatek	mt6853t	-	cpe:2.3:h:mediatek:mt6853t:-:::::::*
mediatek	mt6873	-	cpe:2.3:h:mediatek:mt6873:-:::::::*
mediatek	mt6877	-	cpe:2.3:h:mediatek:mt6877:-:::::::*
mediatek	mt6883	-	cpe:2.3:h:mediatek:mt6883:-:::::::*
mediatek	mt6885	-	cpe:2.3:h:mediatek:mt6885:-:::::::*
mediatek	mt6889	-	cpe:2.3:h:mediatek:mt6889:-:::::::*

Rows per page:

1-10 of 181

CNA Affected

[
  {
    "product": "MT6781, MT6785, MT6833, MT6853, MT6853T, MT6873, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8185, MT8789, MT8791, MT8797",
    "vendor": "MediaTek, Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "Android 10.0, 11.0"
      }
    ]
  }
]

References

corp.mediatek.com/product-security-bulletin/April-2022

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS3

4.4

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

AI Score

4.2

Confidence

High

EPSS

Percentile

5.1%

JSON

Related for CVE-2022-20079