Lucene search

K
cveMediaTekCVE-2022-20094
HistoryMay 03, 2022 - 8:15 p.m.

CVE-2022-20094

2022-05-0320:15:08
CWE-787
MediaTek
web.nvd.nist.gov
54
2
cve-2022-20094
imgsensor
out of bounds write
vulnerability
local escalation
privilege escalation
nvd
security patch
alps06479763
alps06479734

CVSS2

4.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

CVSS3

6.7

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS

0

Percentile

5.1%

In imgsensor, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06479763; Issue ID: ALPS06479734.

Affected configurations

Nvd
Vulners
Node
mediatekmt6771Match-
OR
mediatekmt6779Match-
OR
mediatekmt6781Match-
OR
mediatekmt6785Match-
OR
mediatekmt6833Match-
OR
mediatekmt6853Match-
OR
mediatekmt6873Match-
OR
mediatekmt6885Match-
OR
mediatekmt6893Match-
OR
mediatekmt8788Match-
OR
mediatekmt8797Match-
AND
googleandroidMatch11.0
OR
googleandroidMatch12.0
VendorProductVersionCPE
mediatekmt6771-cpe:2.3:h:mediatek:mt6771:-:*:*:*:*:*:*:*
mediatekmt6779-cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*
mediatekmt6781-cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*
mediatekmt6785-cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*
mediatekmt6833-cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*
mediatekmt6853-cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*
mediatekmt6873-cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*
mediatekmt6885-cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*
mediatekmt6893-cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*
mediatekmt8788-cpe:2.3:h:mediatek:mt8788:-:*:*:*:*:*:*:*
Rows per page:
1-10 of 131

CNA Affected

[
  {
    "product": "MT6771, MT6779, MT6781, MT6785, MT6833, MT6853, MT6873, MT6885, MT6893, MT8788, MT8797",
    "vendor": "MediaTek, Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "Android 11.0, 12.0"
      }
    ]
  }
]

Social References

More

CVSS2

4.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

CVSS3

6.7

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS

0

Percentile

5.1%

Related for CVE-2022-20094