Lucene search

[email protected]CVE-2022-20106

HistoryMay 03, 2022 - 9:15 p.m.

CVE-2022-20106

2022-05-0321:15:09

CWE-787

[email protected]

web.nvd.nist.gov

cve-2022-20106

mm service

out of bounds write

heap-based buffer overflow

local privilege escalation

patch

nvd

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

6.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

0.0004 Low

EPSS

Percentile

5.1%

JSON

In MM service, there is a possible out of bounds write due to a heap-based buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: DTV03330460; Issue ID: DTV03330460.

Affected configurations

Vulners

NVD

Node

googleandroidRange<9.0

googleandroidRange<10.0

googleandroidRange<11.0

mediatekmt9011

mediatekmt9215

mediatekmt9216

mediatekmt9220

mediatekmt9221

mediatekmt9255

mediatekmt9256

mediatekmt9266

mediatekmt9269

mediatekmt9285

mediatekmt9286

mediatekmt9288

mediatekmt9600

mediatekmt9602

mediatekmt9610

mediatekmt9611

mediatekmt9612

mediatekmt9613

mediatekmt9615

mediatekmt9617

mediatekmt9629

mediatekmt9630

mediatekmt9631

mediatekmt9632

mediatekmt9636

mediatekmt9638

mediatekmt9639

mediatekmt9650

mediatekmt9652

mediatekmt9666

mediatekmt9669

mediatekmt9670

mediatekmt9675

mediatekmt9685

mediatekmt9686

mediatekmt9688

VendorProductVersionCPE
googleandroid*cpe:2.3:o:google:android:*:*:*:*:*:*:*:*
googleandroid*cpe:2.3:o:google:android:*:*:*:*:*:*:*:*
googleandroid*cpe:2.3:o:google:android:*:*:*:*:*:*:*:*
mediatekmt9011*cpe:2.3:h:mediatek:mt9011:*:*:*:*:*:*:*:*
mediatekmt9215*cpe:2.3:h:mediatek:mt9215:*:*:*:*:*:*:*:*
mediatekmt9216*cpe:2.3:h:mediatek:mt9216:*:*:*:*:*:*:*:*
mediatekmt9220*cpe:2.3:h:mediatek:mt9220:*:*:*:*:*:*:*:*
mediatekmt9221*cpe:2.3:h:mediatek:mt9221:*:*:*:*:*:*:*:*
mediatekmt9255*cpe:2.3:h:mediatek:mt9255:*:*:*:*:*:*:*:*
mediatekmt9256*cpe:2.3:h:mediatek:mt9256:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
google	android	*	cpe:2.3:o:google:android::::::::
google	android	*	cpe:2.3:o:google:android::::::::
google	android	*	cpe:2.3:o:google:android::::::::
mediatek	mt9011	*	cpe:2.3:h:mediatek:mt9011::::::::
mediatek	mt9215	*	cpe:2.3:h:mediatek:mt9215::::::::
mediatek	mt9216	*	cpe:2.3:h:mediatek:mt9216::::::::
mediatek	mt9220	*	cpe:2.3:h:mediatek:mt9220::::::::
mediatek	mt9221	*	cpe:2.3:h:mediatek:mt9221::::::::
mediatek	mt9255	*	cpe:2.3:h:mediatek:mt9255::::::::
mediatek	mt9256	*	cpe:2.3:h:mediatek:mt9256::::::::

Rows per page:

1-10 of 391

CNA Affected

[
  {
    "product": "MT9011, MT9215, MT9216, MT9220, MT9221, MT9255, MT9256, MT9266, MT9269, MT9285, MT9286, MT9288, MT9600, MT9602, MT9610, MT9611, MT9612, MT9613, MT9615, MT9617, MT9629, MT9630, MT9631, MT9632, MT9636, MT9638, MT9639, MT9650, MT9652, MT9666, MT9669, MT9670, MT9675, MT9685, MT9686, MT9688",
    "vendor": "MediaTek, Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "Android 9.0, 10.0, 11.0 or Linux Kernel 4.9, 4.19"
      }
    ]
  }
]

References

corp.mediatek.com/product-security-bulletin/May-2022

Social References

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

6.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2022-20106

prion1 nvd1 cvelist1