Lucene search
MediaTekCVE-2022-26473HistoryOct 07, 2022 - 8:15 p.m.
CVE-2022-26473
2022-10-0720:15:11
CWE-667
MediaTek
web.nvd.nist.gov
31
4
vulnerability
use after free
vdec fmt
local escalation of privilege
system execution privileges
nvd
cve-2022-26473
patch
alps07342197
issue id alps07342197
CVSS3
6.7
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS
0
Percentile
5.1%
In vdec fmt, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07342197; Issue ID: ALPS07342197.
Affected configurations
Node
googleandroidMatch12.0
mediatekmt6789Match-
ORmediatekmt6855Match-
ORmediatekmt6879Match-
ORmediatekmt6895Match-
ORmediatekmt6983Match-
ORmediatekmt8168Match-
ORmediatekmt8365Match-
ORmediatekmt8695Match-
ORmediatekmt8696Match-
ORmediatekmt8798Match-
| Vendor | Product | Version | CPE |
|---|---|---|---|
| android | 12.0 | cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:* | |
| mediatek | mt6789 | - | cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:* |
| mediatek | mt6855 | - | cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:* |
| mediatek | mt6879 | - | cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:* |
| mediatek | mt6895 | - | cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:* |
| mediatek | mt6983 | - | cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:* |
| mediatek | mt8168 | - | cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:* |
| mediatek | mt8365 | - | cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:* |
| mediatek | mt8695 | - | cpe:2.3:h:mediatek:mt8695:-:*:*:*:*:*:*:* |
| mediatek | mt8696 | - | cpe:2.3:h:mediatek:mt8696:-:*:*:*:*:*:*:* |
CNA Affected
[
{
"vendor": "MediaTek, Inc.",
"product": "MT6789, MT6855, MT6879, MT6895, MT6983, MT8168, MT8365, MT8695, MT8696, MT8798",
"versions": [
{
"version": "Android 12.0",
"status": "affected"
}
]
}
]Social References
More
Related
cnvd
cnvd
Multiple MediaTek chip vdec fmt local privilege elevation vulnerabilities
2022-10-10 00:00:00
cvelist
cvelist
CVE-2022-26473
2022-10-07 00:00:00
nvd
nvd
CVE-2022-26473
2022-10-07 20:15:11
prion
prion
Input validation
2022-10-07 20:15:00
CVSS3
6.7
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS
0
Percentile
5.1%
Related for CVE-2022-26473