MT2731, MT2735, MT2737, MT6580, MT6739, MT6761, MT6762, MT6765, MT6767, MT6768, MT6769, MT6771, MT6779, MT6781, MT6783, MT6785, MT6789, MT6833, MT6853, MT6855, MT6873, MT6877, MT6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6891, MT6893, MT6895, MT6896, MT6980, MT6980D, MT6983, MT6985, MT6990, MT8167, MT8168, MT8173, MT8185, MT8321, MT8362A, MT8365, MT8385, MT8666, MT8673, MT8675, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8797 Security Vulnerabilities
In ccu, there is a possible escalation of privilege due to a missing certificate validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is no needed for exploitation. Patch ID: ALPS06183315; Issue ID:...
6.7CVSS
6.6AI Score
0.0004EPSS
In vow, there is a possible read of uninitialized data due to a improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is no needed for exploitation. Patch ID: ALPS05837742; Issue ID:...
4.4CVSS
4.2AI Score
0.0004EPSS
In vow, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is no needed for exploitation. Patch ID: ALPS05837742; Issue ID:...
6.4CVSS
6.7AI Score
0.0004EPSS
In ged, there is a possible memory corruption due to an incorrect error handling. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05838808; Issue ID:...
4.4CVSS
4.5AI Score
0.0004EPSS
In search engine service, there is a possible way to change the default search engine due to an incorrect comparison. This could lead to local escalation of privilege with System execution privileges needed. User interaction is no needed for exploitation. Patch ID: ALPS06219118; Issue ID:...
6.7CVSS
6.7AI Score
0.001EPSS
In A-GPS, there is a possible man in the middle attack due to improper certificate validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06461919; Issue ID:...
5.9CVSS
5.5AI Score
0.001EPSS
In vow, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is no needed for exploitation. Patch ID: ALPS05852819; Issue ID:...
6.4CVSS
6.7AI Score
0.0004EPSS
In ssmr, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is no needed for exploitation. Patch ID: ALPS06362920; Issue ID:...
6.7CVSS
6.7AI Score
0.0004EPSS
In SUB2AF, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is no needed for exploitation. Patch ID: ALPS05881290; Issue ID:...
6.4CVSS
6.7AI Score
0.0004EPSS
In preloader (partition), there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, for an attacker who has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation....
6.6CVSS
6.5AI Score
0.0005EPSS
In ged, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05838808; Issue ID:...
6.7CVSS
6.7AI Score
0.0004EPSS
In atf (hwfde), there is a possible leak of sensitive information due to incorrect error handling. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06171729; Issue ID:...
4.4CVSS
4.2AI Score
0.0004EPSS
In mdp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is no needed for exploitation. Patch ID: ALPS05836585; Issue ID:...
6.7CVSS
6.7AI Score
0.0004EPSS
In mobile_log_d, there is a possible symbolic link following due to an improper link resolution. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06308907; Issue ID:...
6.7CVSS
6.6AI Score
0.0004EPSS
In ccci, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06108658; Issue ID:...
6.7CVSS
5.9AI Score
0.0004EPSS
In preloader (usb), there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege, for an attacker who has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID:...
6.6CVSS
6.5AI Score
0.0005EPSS
In atf (spm), there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS06171715; Issue ID:...
6.5CVSS
6.6AI Score
0.0004EPSS
In mdp, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS05836642; Issue ID:...
6.5CVSS
6.8AI Score
0.0004EPSS
In ccci, there is a possible leak of kernel pointer due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06108617; Issue ID:...
6.7CVSS
5.8AI Score
0.0004EPSS
In mdp, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is no needed for exploitation. Patch ID: ALPS05836418; Issue ID:...
6.7CVSS
6.8AI Score
0.0004EPSS
In preloader (usb), there is a possible permission bypass due to a missing proper image authentication. This could lead to local escalation of privilege, for an attacker who has physical access to the device, with no additional execution privileges needed. User interaction is needed for...
6.6CVSS
6.5AI Score
0.0005EPSS
In preloader (usb), there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, for an attacker who has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID:....
6.6CVSS
6.5AI Score
0.0005EPSS
In preloader (usb), there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, for an attacker who has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID:....
6.6CVSS
6.5AI Score
0.0005EPSS
In btif, there is a possible memory corruption due to incorrect error handling. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS06271186; Issue ID:...
6.5CVSS
6.8AI Score
0.0004EPSS
In preloader (usb), there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, for an attacker who has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID:....
6.8CVSS
6.6AI Score
0.0005EPSS
In ims service, there is a possible AT command injection due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06219083; Issue ID:...
7.8CVSS
7.9AI Score
0.0004EPSS
In preloader (usb), there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, for an attacker who has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID:....
6.6CVSS
6.5AI Score
0.0005EPSS
In ims service, there is a possible unexpected application behavior due to incorrect privilege assignment. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06219127; Issue ID:...
5.5CVSS
5.4AI Score
0.0004EPSS
In ims service, there is a possible escalation of privilege due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06219097; Issue ID:...
7.8CVSS
8.1AI Score
0.0004EPSS
In vpu, there is a possible escalation of privilege due to a missing permission check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05954679; Issue ID:...
6.7CVSS
6.6AI Score
0.0004EPSS
In connsyslogger, there is a possible symbolic link following due to improper link resolution. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06335038; Issue ID:...
6.7CVSS
6.6AI Score
0.0004EPSS
In video decoder, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05917489; Issue ID:...
7.8CVSS
8.2AI Score
0.0004EPSS
In video decoder, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05917502; Issue ID:...
7.8CVSS
8.2AI Score
0.0004EPSS
Updated nonfree firmware packages fix security vulnerabilities
This update provides new and updated nonfree firmwares and fixes at least the following security issues: Improper input validation in firmware for Intel(R) PROSet/Wireless Wi-Fi may allow an unauthenticated user to potentially enable escalation of privilege via local access (CVE-2021-0066 /...
8.4CVSS
3.8AI Score
0.001EPSS
8.8CVSS
7.1AI Score
0.013EPSS
8.8CVSS
7.2AI Score
0.013EPSS
Security update for the Linux Kernel (critical)
An update that solves 11 vulnerabilities and has 29 fixes is now available. Description: The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: CVE-2022-0435: Fixed remote stack overflow in net/tipc module...
8.8CVSS
-0.2AI Score
0.013EPSS
Security update for the Linux Kernel (critical)
An update that solves 12 vulnerabilities and has 20 fixes is now available. Description: The SUSE Linux Enterprise 15 SP3 Azure kernel was updated to receive various security and bugfixes. The following security bugs were fixed: CVE-2022-0435: Fixed remote stack overflow in net/tipc module...
8.8CVSS
-0.4AI Score
0.013EPSS
In Bluetooth, there is a possible memory corruption due to a logic error. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06142410; Issue ID:...
5.5CVSS
5.5AI Score
0.0004EPSS
In power_hal_manager_service, there is a possible permission bypass due to a stack-based buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06219150; Issue ID:...
7.8CVSS
7.8AI Score
0.0004EPSS
In Bluetooth, there is a possible service crash due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06126820; Issue ID:...
7.8CVSS
7.7AI Score
0.0004EPSS
In Bluetooth, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06198663; Issue ID:...
7.8CVSS
7.7AI Score
0.0004EPSS
In Preloader XFLASH, there is a possible escalation of privilege due to an improper certificate validation. This could lead to local escalation of privilege for an attacker who has physical access to the device with no additional execution privileges needed. User interaction is not needed for...
6.8CVSS
6.6AI Score
0.0005EPSS
In ion driver, there is a possible information disclosure due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06171705; Issue ID:...
5.5CVSS
5.1AI Score
0.0004EPSS
In Bluetooth, there is a possible service crash due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06126814; Issue ID:...
7.8CVSS
7.7AI Score
0.0004EPSS
In vow driver, there is a possible memory corruption due to a race condition. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05852822; Issue ID:...
4.1CVSS
4.2AI Score
0.0004EPSS
In ion driver, there is a possible information disclosure due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06171689; Issue ID:...
5.5CVSS
5.1AI Score
0.0004EPSS
In Bluetooth, there is a possible escalation of privilege due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06108596; Issue ID:...
7.8CVSS
7.6AI Score
0.0004EPSS
In vcu driver, there is a possible information disclosure due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06171675; Issue ID:...
4.4CVSS
4.7AI Score
0.0004EPSS
In cmdq driver, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05747150; Issue ID:...
4.4CVSS
4.2AI Score
0.0004EPSS