Lucene search

[email protected]CVE-2022-21760

HistoryJun 06, 2022 - 6:15 p.m.

CVE-2022-21760

2022-06-0618:15:09

CWE-190

[email protected]

web.nvd.nist.gov

cve-2022-21760

apusys driver

integer overflow

system crash

denial of service

local privilege escalation

4.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:N/I:N/A:C

4.4 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

4.6 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.6%

JSON

In apusys driver, there is a possible system crash due to an integer overflow. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06479562; Issue ID: ALPS06479562.

Affected configurations

Vulners

NVD

Node

googleandroidRange<12.0

mediatekmt6853

mediatekmt6853t

mediatekmt6873

mediatekmt6875

mediatekmt6877

mediatekmt6883

mediatekmt6885

mediatekmt6889

mediatekmt6891

mediatekmt6893

mediatekmt9636

mediatekmt9638

mediatekmt9666

VendorProductVersionCPE
googleandroid*cpe:2.3:o:google:android:*:*:*:*:*:*:*:*
mediatekmt6853*cpe:2.3:h:mediatek:mt6853:*:*:*:*:*:*:*:*
mediatekmt6853t*cpe:2.3:h:mediatek:mt6853t:*:*:*:*:*:*:*:*
mediatekmt6873*cpe:2.3:h:mediatek:mt6873:*:*:*:*:*:*:*:*
mediatekmt6875*cpe:2.3:h:mediatek:mt6875:*:*:*:*:*:*:*:*
mediatekmt6877*cpe:2.3:h:mediatek:mt6877:*:*:*:*:*:*:*:*
mediatekmt6883*cpe:2.3:h:mediatek:mt6883:*:*:*:*:*:*:*:*
mediatekmt6885*cpe:2.3:h:mediatek:mt6885:*:*:*:*:*:*:*:*
mediatekmt6889*cpe:2.3:h:mediatek:mt6889:*:*:*:*:*:*:*:*
mediatekmt6891*cpe:2.3:h:mediatek:mt6891:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
google	android	*	cpe:2.3:o:google:android::::::::
mediatek	mt6853	*	cpe:2.3:h:mediatek:mt6853::::::::
mediatek	mt6853t	*	cpe:2.3:h:mediatek:mt6853t::::::::
mediatek	mt6873	*	cpe:2.3:h:mediatek:mt6873::::::::
mediatek	mt6875	*	cpe:2.3:h:mediatek:mt6875::::::::
mediatek	mt6877	*	cpe:2.3:h:mediatek:mt6877::::::::
mediatek	mt6883	*	cpe:2.3:h:mediatek:mt6883::::::::
mediatek	mt6885	*	cpe:2.3:h:mediatek:mt6885::::::::
mediatek	mt6889	*	cpe:2.3:h:mediatek:mt6889::::::::
mediatek	mt6891	*	cpe:2.3:h:mediatek:mt6891::::::::

Rows per page:

1-10 of 141

CNA Affected

[
  {
    "product": "MT6853, MT6853T, MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT9636, MT9638, MT9666",
    "vendor": "MediaTek, Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "Android 12.0"
      }
    ]
  }
]

References

corp.mediatek.com/product-security-bulletin/June-2022

Social References

4.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:N/I:N/A:C

4.4 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

4.6 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.6%

JSON

Related for CVE-2022-21760

cvelist1 prion1 nvd1