Lucene search

[email protected]CVE-2022-21762

HistoryJun 06, 2022 - 6:15 p.m.

CVE-2022-21762

2022-06-0618:15:09

CWE-190

[email protected]

web.nvd.nist.gov

apusys

driver

integer overflow

system crash

denial of service

local exploitation

nvd

cve-2022-21762

4.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:N/I:N/A:C

4.4 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

4.6 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.6%

JSON

In apusys driver, there is a possible system crash due to an integer overflow. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06477946; Issue ID: ALPS06477946.

Affected configurations

Vulners

NVD

Node

googleandroidRange<12.0

mediatekmt6853

mediatekmt6853t

mediatekmt6873

mediatekmt6875

mediatekmt6877

mediatekmt6883

mediatekmt6885

mediatekmt6889

mediatekmt6891

mediatekmt6893

mediatekmt9636

mediatekmt9638

mediatekmt9666

VendorProductVersionCPE
googleandroid*cpe:2.3:o:google:android:*:*:*:*:*:*:*:*
mediatekmt6853*cpe:2.3:h:mediatek:mt6853:*:*:*:*:*:*:*:*
mediatekmt6853t*cpe:2.3:h:mediatek:mt6853t:*:*:*:*:*:*:*:*
mediatekmt6873*cpe:2.3:h:mediatek:mt6873:*:*:*:*:*:*:*:*
mediatekmt6875*cpe:2.3:h:mediatek:mt6875:*:*:*:*:*:*:*:*
mediatekmt6877*cpe:2.3:h:mediatek:mt6877:*:*:*:*:*:*:*:*
mediatekmt6883*cpe:2.3:h:mediatek:mt6883:*:*:*:*:*:*:*:*
mediatekmt6885*cpe:2.3:h:mediatek:mt6885:*:*:*:*:*:*:*:*
mediatekmt6889*cpe:2.3:h:mediatek:mt6889:*:*:*:*:*:*:*:*
mediatekmt6891*cpe:2.3:h:mediatek:mt6891:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
google	android	*	cpe:2.3:o:google:android::::::::
mediatek	mt6853	*	cpe:2.3:h:mediatek:mt6853::::::::
mediatek	mt6853t	*	cpe:2.3:h:mediatek:mt6853t::::::::
mediatek	mt6873	*	cpe:2.3:h:mediatek:mt6873::::::::
mediatek	mt6875	*	cpe:2.3:h:mediatek:mt6875::::::::
mediatek	mt6877	*	cpe:2.3:h:mediatek:mt6877::::::::
mediatek	mt6883	*	cpe:2.3:h:mediatek:mt6883::::::::
mediatek	mt6885	*	cpe:2.3:h:mediatek:mt6885::::::::
mediatek	mt6889	*	cpe:2.3:h:mediatek:mt6889::::::::
mediatek	mt6891	*	cpe:2.3:h:mediatek:mt6891::::::::

Rows per page:

1-10 of 141

CNA Affected

[
  {
    "product": "MT6853, MT6853T, MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT9636, MT9638, MT9666",
    "vendor": "MediaTek, Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "Android 12.0"
      }
    ]
  }
]

References

corp.mediatek.com/product-security-bulletin/June-2022

Social References

4.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:N/I:N/A:C

4.4 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

4.6 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.6%

JSON

Related for CVE-2022-21762

prion1 cvelist1 nvd1