CVE-2022-20012 - NVD | ByteOS Network

NVD Vulnerability Details :

CVE-2022-20012

Analyzed

More Info Official Page

Source-security@mediatek.com

Published At-04 Jan, 2022 | 16:15

Updated At-11 Jan, 2022 | 19:56

In mdp driver, there is a possible memory corruption due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05836478; Issue ID: ALPS05836478.

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	7.8	HIGH	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary	2.0	4.6	MEDIUM	AV:L/AC:L/Au:N/C:P/I:P/A:P

Type: Primary

Version: 3.1

Base score: 7.8

Base severity: HIGH

Vector:

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Type: Primary

Version: 2.0

Base score: 4.6

Base severity: MEDIUM

Vector:

AV:L/AC:L/Au:N/C:P/I:P/A:P

CPE Matches

cpe:2.3:h:mediatek:mt6580:-:*:*:*:*:*:*:*

cpe:2.3:h:mediatek:mt6739:-:*:*:*:*:*:*:*

cpe:2.3:h:mediatek:mt6750:-:*:*:*:*:*:*:*

cpe:2.3:h:mediatek:mt6750s:-:*:*:*:*:*:*:*

cpe:2.3:h:mediatek:mt6753:-:*:*:*:*:*:*:*

cpe:2.3:h:mediatek:mt6755:-:*:*:*:*:*:*:*

cpe:2.3:h:mediatek:mt6757:-:*:*:*:*:*:*:*

cpe:2.3:h:mediatek:mt6761:-:*:*:*:*:*:*:*

cpe:2.3:h:mediatek:mt6762:-:*:*:*:*:*:*:*

cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*

cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*

cpe:2.3:h:mediatek:mt6769:-:*:*:*:*:*:*:*

cpe:2.3:h:mediatek:mt6771:-:*:*:*:*:*:*:*

cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*

cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*

cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*

cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*

cpe:2.3:h:mediatek:mt6853t:-:*:*:*:*:*:*:*

cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*

cpe:2.3:h:mediatek:mt6875:-:*:*:*:*:*:*:*

cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*

cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*

cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*

cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*

cpe:2.3:h:mediatek:mt6891:-:*:*:*:*:*:*:*

cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*

cpe:2.3:h:mediatek:mt8127:-:*:*:*:*:*:*:*

cpe:2.3:h:mediatek:mt8163:-:*:*:*:*:*:*:*

cpe:2.3:h:mediatek:mt8167:-:*:*:*:*:*:*:*

cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*

cpe:2.3:h:mediatek:mt8169:-:*:*:*:*:*:*:*

cpe:2.3:h:mediatek:mt8173:-:*:*:*:*:*:*:*

cpe:2.3:h:mediatek:mt8183:-:*:*:*:*:*:*:*

cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*

cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*

cpe:2.3:h:mediatek:mt8321:-:*:*:*:*:*:*:*

cpe:2.3:h:mediatek:mt8362a:-:*:*:*:*:*:*:*

cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*

cpe:2.3:h:mediatek:mt8385:-:*:*:*:*:*:*:*

cpe:2.3:h:mediatek:mt8765:-:*:*:*:*:*:*:*

cpe:2.3:h:mediatek:mt8788:-:*:*:*:*:*:*:*

>>android>>10.0

cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:*

>>android>>11.0

cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*

>>android>>12.0

cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-190	Primary	nvd@nist.gov

CWE ID: CWE-190

Type: Primary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
https://corp.mediatek.com/product-security-bulletin/January-2022	security@mediatek.com	Vendor Advisory

Hyperlink: https://corp.mediatek.com/product-security-bulletin/January-2022

Source: security@mediatek.com

Resource:

Vendor Advisory