CVE-2022-20068

2022-04-1119:38:01

MediaTek

www.cve.org

mobile_log_d

symbolic link

local privilege escalation

EPSS

Percentile

5.1%

JSON

In mobile_log_d, there is a possible symbolic link following due to an improper link resolution. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06308907; Issue ID: ALPS06308907.

CNA Affected

[
  {
    "product": "MT6731, MT6732, MT6735, MT6737, MT6739, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6795, MT6799, MT6833, MT6853T, MT6873, MT6875, MT6877, MT6880, MT6883, MT6885, MT6889, MT6890, MT6891, MT6893, MT6985, MT8163, MT8167, MT8167S, MT8168, MT8173, MT8175, MT8183, MT8185, MT8321, MT8362A, MT8365, MT8385, MT8666, MT8667, MT8675, MT8735A, MT8735B, MT8765, MT8766, MT8768, MT8786, MT8788, MT8789, MT8791, MT8797",
    "vendor": "MediaTek, Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "Android 10.0, 11.0, 12.0"
      }
    ]
  }
]

References

corp.mediatek.com/product-security-bulletin/April-2022

EPSS

Percentile

5.1%

JSON

Related for CVELIST:CVE-2022-20068