MT6580, MT6761, MT6765, MT6779, MT6785, MT6789, MT6833, MT6835, MT6853, MT6853T, MT6855, MT6873, MT6877, MT6879, MT6883, MT6885, MT6886, MT6895, MT6983, MT6985, MT8168, MT8175, MT8188, MT8195, MT8365, MT8673 Security Vulnerabilities

CVE-2022-21778

In vpu, there is a possible information disclosure due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06382421; Issue ID:...

Multiple MediaTek chip telephony privilege elevation vulnerabilities

MediaTek chips are a variety of chips from MediaTek, a China-based MediaTek company. Several MediaTek chips telephony has elevation of privilege vulnerability, the vulnerability originated from the package format mismatch, attackers can use the vulnerability for elevation of...

Multiple MediaTek chips ims elevation of privilege vulnerabilities

MediaTek chips are a variety of chips from MediaTek, a China-based MediaTek company. Several MediaTek chips ims have an elevation of privilege vulnerability, which stems from a mismatch in the package format and can be exploited by attackers for elevation of...

Multiple MediaTek chip ril denial-of-service vulnerabilities

MediaTek Inc. is the world's fourth largest fab semiconductor company and a market leader in mobile devices, smart home applications, wireless connectivity technologies and IoT products, with approximately 1.5 billion devices with MediaTek chips built into them available worldwide each year....

Multiple MediaTek chip isp local privilege elevation vulnerabilities

MediaTek Inc. is the world's fourth largest fab semiconductor company and a market leader in mobile devices, smart home applications, wireless connectivity technologies and IoT products, with approximately 1.5 billion devices with MediaTek chips built into them hitting the market around the world.....

Multiple MediaTek chip cpu dvfs local privilege elevation vulnerabilities

MediaTek Inc. is the world's fourth largest fab semiconductor company and a market leader in mobile devices, smart home applications, wireless connectivity technologies and IoT products, with approximately 1.5 billion devices with MediaTek chips available worldwide each year. Several MediaTek...

Multiple MediaTek chip sensorhub local privilege elevation vulnerabilities

MediaTek Inc. is the world's fourth largest fab semiconductor company and a market leader in mobile devices, smart home applications, wireless connectivity technologies and IoT products, with approximately 1.5 billion devices a year with MediaTek chips built into them available worldwide. Several.....

Multiple MediaTek chip vdec fmt local privilege elevation vulnerabilities

MediaTek Inc. is the world's fourth largest fab semiconductor company and a market leader in mobile devices, smart home applications, wireless connectivity technologies and IoT products, with approximately 1.5 billion devices with MediaTek chips built into them hitting the market around the world.....

Multiple MediaTek chip wlan local privilege elevation vulnerabilities

MediaTek Inc. is the world's fourth largest fab semiconductor company and a market leader in mobile devices, smart home applications, wireless connectivity technologies and IoT products, with approximately 1.5 billion devices a year with MediaTek chips built into them available around the world....

MediaTek chip vowe local privilege elevation vulnerability

MediaTek Inc. is the world's fourth largest fab semiconductor company and a market leader in mobile devices, smart home applications, wireless connectivity technologies and IoT products, with approximately 1.5 billion devices a year with MediaTek chips built into them available around the world....

Multiple MediaTek chip denial of service vulnerabilities

MediaTek Inc. is the world's fourth largest fab semiconductor company and a market leader in mobile devices, smart home applications, wireless connectivity technologies and IoT products, with approximately 1.5 billion devices with MediaTek chips built into them hitting the market around the world.....

CVE-2022-32590

In wlan, there is a possible use after free due to an incorrect status check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07299425; Issue ID:...

CVE-2022-32591

In ril, there is a possible system crash due to an incorrect bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07257259; Issue ID:...

CVE-2022-32593

In vowe, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07138493; Issue ID:...

CVE-2022-32592

In cpu dvfs, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07139405; Issue ID:...

CVE-2022-32589

In Wi-Fi driver, there is a possible way to disconnect Wi-Fi due to an improper resource release. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07030600; Issue ID:...

CVE-2022-26474

In sensorhub, there is a possible out of bounds write due to an incorrect calculation of buffer size. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07129717; Issue ID:...

CVE-2022-26475

In wlan, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07310743; Issue ID:...

CVE-2022-26473

In vdec fmt, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07342197; Issue ID:...

CVE-2022-26472

In ims, there is a possible escalation of privilege due to a parcel format mismatch. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07319095; Issue ID:...

CVE-2022-26471

In telephony, there is a possible escalation of privilege due to a parcel format mismatch. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07319121; Issue ID:...

CVE-2022-26452

In isp, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07262305; Issue ID:...

CVE-2022-26469

In MtkEmail, there is a possible escalation of privilege due to fragment injection. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07216598; Issue ID:...

CVE-2022-26461

In vow, there is a possible undefined behavior due to an API misuse. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07032604; Issue ID:...

CVE-2022-26460

In vow, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07032590; Issue ID:...

CVE-2022-26458

In vow, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07032678; Issue ID:...

CVE-2022-26462

In vow, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07032660; Issue ID:...

CVE-2022-26464

In vow, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07032699; Issue ID:...

CVE-2022-26470

In aie, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07116037; Issue ID:...

CVE-2022-26465

In audio ipi, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06558799; Issue ID:...

CVE-2022-26468

In preloader (usb), there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, for an attacker who has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID:....

CVE-2022-26467

In rpmb, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07167738; Issue ID:...

CVE-2022-26466

In audio ipi, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06558777; Issue ID:...

CVE-2022-26459

In vow, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07032634; Issue ID:...

CVE-2022-26463

In vow, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07032686; Issue ID:...

CVE-2022-26456

In vow, there is a possible information disclosure due to a symbolic link following. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06545473; Issue ID:...

CVE-2022-26455

In gz, there is a possible memory corruption due to incorrect error handling. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07177858; Issue ID:...

CVE-2022-26451

In ged, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07202966; Issue ID:...

CVE-2022-26454

In teei, there is a possible memory corruption due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06664701; Issue ID:...

CVE-2022-26449

In apusys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07177810; Issue ID:...

CVE-2022-26457

In vow, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07138490; Issue ID:...

CVE-2022-26450

In apusys, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07177801; Issue ID:...

CVE-2022-26448

In apusys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07063849; Issue ID:...

CVE-2022-26453

In teei, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06664675; Issue ID:...

Unbreakable Enterprise kernel security update

[5.15.0-1.43.4.1] - net_sched: cls_route: remove from list when handle is 0 (Thadeu Lima de Souza Cascardo) [Orabug: 34460936] {CVE-2022-2588} [5.15.0-1.43.4] - Revert selftests/bpf: add tests verifying unprivileged bpf behaviour (Alan Maguire) [Orabug: 34399286] - Revert selftests/bpf: Add...

Unbreakable Enterprise kernel-container security update

[5.15.0-1.43.4.1] - net_sched: cls_route: remove from list when handle is 0 (Thadeu Lima de Souza Cascardo) [Orabug: 34460936] {CVE-2022-2588} [5.15.0-1.43.4] - Revert selftests/bpf: add tests verifying unprivileged bpf behaviour (Alan Maguire) [Orabug: 34399286] - Revert selftests/bpf: Add...

CVE-2022-26433

In mailbox, there is a possible out of bounds write due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07138400; Issue ID:...

CVE-2022-26429

In cta, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07025415; Issue ID:...

CVE-2022-26431

In mailbox, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07032553; Issue ID:...

CVE-2022-26434

In mailbox, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07138450; Issue ID:...