Lucene search

MediaTekCVE-2022-21747

HistoryJun 06, 2022 - 6:15 p.m.

CVE-2022-21747

2022-06-0618:15:08

CWE-125

MediaTek

web.nvd.nist.gov

cve-2022-21747

imgsensor

out of bounds read

denial of service

security vulnerability

nvd

alps06478078

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:N/A:P

CVSS3

4.4

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

AI Score

4.6

Confidence

High

EPSS

Percentile

5.1%

JSON

In imgsensor, there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06478078; Issue ID: ALPS06478078.

Affected configurations

Nvd

Vulners

Node

googleandroidMatch9.0

googleandroidMatch10.0

googleandroidMatch11.0

googleandroidMatch12.0

AND

mediatekmt6771Match-

mediatekmt6779Match-

mediatekmt6781Match-

mediatekmt6785Match-

mediatekmt6833Match-

mediatekmt6853Match-

mediatekmt6873Match-

mediatekmt6885Match-

mediatekmt6893Match-

mediatekmt8167Match-

mediatekmt8167sMatch-

mediatekmt8168Match-

mediatekmt8173Match-

mediatekmt8362aMatch-

mediatekmt8365Match-

mediatekmt8765Match-

mediatekmt8766Match-

mediatekmt8768Match-

mediatekmt8786Match-

mediatekmt8788Match-

mediatekmt8789Match-

mediatekmt8797Match-

VendorProductVersionCPE
googleandroid9.0cpe:2.3:o:google:android:9.0:*:*:*:*:*:*:*
googleandroid10.0cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:*
googleandroid11.0cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*
googleandroid12.0cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*
mediatekmt6771-cpe:2.3:h:mediatek:mt6771:-:*:*:*:*:*:*:*
mediatekmt6779-cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*
mediatekmt6781-cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*
mediatekmt6785-cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*
mediatekmt6833-cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*
mediatekmt6853-cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
google	android	9.0	cpe:2.3:o:google:android:9.0:::::::*
google	android	10.0	cpe:2.3:o:google:android:10.0:::::::*
google	android	11.0	cpe:2.3:o:google:android:11.0:::::::*
google	android	12.0	cpe:2.3:o:google:android:12.0:::::::*
mediatek	mt6771	-	cpe:2.3:h:mediatek:mt6771:-:::::::*
mediatek	mt6779	-	cpe:2.3:h:mediatek:mt6779:-:::::::*
mediatek	mt6781	-	cpe:2.3:h:mediatek:mt6781:-:::::::*
mediatek	mt6785	-	cpe:2.3:h:mediatek:mt6785:-:::::::*
mediatek	mt6833	-	cpe:2.3:h:mediatek:mt6833:-:::::::*
mediatek	mt6853	-	cpe:2.3:h:mediatek:mt6853:-:::::::*

Rows per page:

1-10 of 261

CNA Affected

[
  {
    "product": "MT6771, MT6779, MT6781, MT6785, MT6833, MT6853, MT6873, MT6885, MT6893, MT8167, MT8167S, MT8168, MT8173, MT8362A, MT8365, MT8765, MT8766, MT8768, MT8786, MT8788, MT8789, MT8797",
    "vendor": "MediaTek, Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "Android 9.0, 10.0, 11.0, 12.0"
      }
    ]
  }
]

References

corp.mediatek.com/product-security-bulletin/June-2022

Social References

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:N/A:P

CVSS3

4.4

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

AI Score

4.6

Confidence

High

EPSS

Percentile

5.1%

JSON

Related for CVE-2022-21747