The MediaTek Product Security Bulletin contains details of security vulnerabilities affecting MediaTek Smartphone, Tablet, AIoT, Smart display, Smart platform and OTT chipsets. Device OEMs have been notified of all the issues and the corresponding security patches for at least two months before publication.
The severity of the identified vulnerabilities was conducted based on the Common Vulnerability Scoring System version 3.1 (CVSS v3.1).
The severity of the identified vulnerabilities was conducted based on the Common Vulnerability Scoring System version 3.1 (CVSS v3.1).
Summary
Details
| CVE | CVE-2022-20081 |
|---|---|
| Title | Insecure default initialization of resource in A-GPS |
| Severity | High |
| Vulnerability Type | ID |
| CWE | CWE-1188 Insecure Default Initialization of Resource |
| Description | In A-GPS, there is a possible man in the middle attack due to improper certificate validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT6580, MT6735, MT6737, MT6739, MT6753, MT6761, MT6765, MT6768, MT6771, MT6779, MT6781, MT6785, MT6833, MT6853, MT6873, MT6877, MT6879, MT6883, MT6885, MT6889, MT6893, MT6895, MT6983, MT8666, MT8667, MT8675 |
| Affected Software Versions | Android 10.0, 11.0, 12.0 |
| CVE | CVE-2021-25477 |
|---|---|
| Title | Double free in Modem LTE RRC |
| Severity | High |
| Vulnerability Type | DoS |
| CWE | CWE-415 Double Free |
| Description | In Modem LTE RRC, there is a possible memory corruption due to a double free. This could lead to remote denial of service when decoding an incorrect ASN.1 data with no additional execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT6735, MT6737, MT6739, MT6750S, MT6757, MT6757P, MT6761, MT6762, MT6762D, MT6762M, MT6763, MT6765, MT6765T, MT6767, MT6768, MT6769, MT6769T, MT6769Z, MT6771, MT6779, MT6781, MT6783, MT6785, MT6785T, MT6833, MT6853, MT6873, MT6875, MT6877, MT6880, MT6883, MT6885, MT6889, MT6890, MT6891, MT6893, MT8666, MT8667, MT8675, MT8735A, MT8735B, MT8765, MT8766, MT8768, MT8786, MT8788, MT8789, MT8791, MT8797 |
| Affected Software Versions | Modem LR9, LR11, LR12, LR12A, LR13, NR15 |
| CVE | CVE-2022-20062 |
|---|---|
| Title | Use after free in mdp |
| Severity | Medium |
| Vulnerability Type | EoP |
| CWE | CWE-416 Use After Free |
| Description | In mdp, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is no needed for exploitation. |
| Affected Chipsets | MT6765, MT6785, MT6833, MT6853, MT6853T, MT6873, MT6877, MT6879, MT6885, MT6891, MT6893, MT8163, MT8167, MT8167S, MT8168, MT8173, MT8175, MT8183, MT8185, MT8321, MT8362A, MT8365, MT8385, MT8666, MT8667, MT8675, MT8735A, MT8735B, MT8765, MT8766, MT8768, MT8786, MT8788, MT8789, MT8791, MT8797 |
| Affected Software Versions | Android 11.0, 12.0 |
| CVE | CVE-2022-20063 |
|---|---|
| Title | Out-of-bounds write in atf (spm) |
| Severity | Medium |
| Vulnerability Type | EoP |
| CWE | CWE-787 Out-of-bounds Write |
| Description | In atf (spm), there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. |
| Affected Chipsets | MT6765, MT8385, MT8666, MT8667, MT8766, MT8786, MT8788 |
| Affected Software Versions | Android 9.0, 10.0 |
| CVE | CVE-2022-20064 |
|---|---|
| Title | Out-of-bounds read in ccci |
| Severity | Medium |
| Vulnerability Type | ID |
| CWE | CWE-125 Out-of-bounds Read |
| Description | In ccci, there is a possible leak of kernel pointer due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT6580, MT6737, MT6739, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6889, MT6893, MT6895, MT6983, MT6985, MT8321, MT8667, MT8675, MT8765, MT8766, MT8768, MT8786, MT8788, MT8789, MT8797 |
| Affected Software Versions | Android 10.0, 11.0, 12.0 |
| CVE | CVE-2022-20065 |
|---|---|
| Title | Out-of-bounds read in ccci |
| Severity | Medium |
| Vulnerability Type | ID |
| CWE | CWE-125 Out-of-bounds Read |
| Description | In ccci, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT6580, MT6737, MT6739, MT6761, MT6762, MT6765, MT6768, MT6769, MT6779, MT6781, MT6785, MT6833, MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6983, MT8321, MT8667, MT8675, MT8765, MT8766, MT8768, MT8786, MT8788, MT8789, MT8797 |
| Affected Software Versions | Android 10.0, 11.0, 12.0 |
| CVE | CVE-2022-20066 |
|---|---|
| Title | Improper handling of exceptional conditions in atf (hwfde) |
| Severity | Medium |
| Vulnerability Type | ID |
| CWE | CWE-755 Improper Handling of Exceptional Conditions |
| Description | In atf (hwfde), there is a possible leak of sensitive information due to incorrect error handling. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT8168, MT8365, MT8696 |
| Affected Software Versions | Android 11.0, 12.0 |
| CVE | CVE-2022-20067 |
|---|---|
| Title | Improper input validation in mdp |
| Severity | Medium |
| Vulnerability Type | EoP |
| CWE | CWE-20 Improper Input Validation |
| Description | In mdp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is no needed for exploitation. |
| Affected Chipsets | MT6731, MT6735, MT6739, MT6750, MT6755, MT6755S, MT6757, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6785, MT6833, MT6853, MT6853T, MT6873, MT6885, MT6891, MT6893, MT8167, MT8167S, MT8168, MT8173, MT8183, MT8185, MT8321, MT8362A, MT8365, MT8385, MT8666, MT8667, MT8675, MT8735A, MT8735B, MT8765, MT8766, MT8768, MT8786, MT8788, MT8789, MT8791, MT8797 |
| Affected Software Versions | Android 9.0, 10.0, 11.0, 12.0 |
| CVE | CVE-2022-20052 |
|---|---|
| Title | Use after free in mdp |
| Severity | Medium |
| Vulnerability Type | EoP |
| CWE | CWE-416 Use After Free |
| Description | In mdp, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. |
| Affected Chipsets | MT6580, MT6735, MT6737, MT6739, MT6750, MT6753, MT6755, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6833, MT6853, MT6853T, MT6873, MT6877, MT6885, MT6890, MT6891, MT6893, MT8163, MT8167, MT8167S, MT8168, MT8173, MT8175, MT8183, MT8321, MT8362A, MT8365, MT8385, MT8666, MT8667, MT8735A, MT8735B, MT8765, MT8766, MT8768, MT8786, MT8788 |
| Affected Software Versions | Android 11.0, 12.0 |
| CVE | CVE-2022-20068 |
|---|---|
| Title | Unix symbolic link (symlink) following in mobile_log_d |
| Severity | Medium |
| Vulnerability Type | EoP |
| CWE | CWE-61 UNIX Symbolic Link (Symlink) Following |
| Description | In mobile_log_d, there is a possible symbolic link following due to an improper link resolution. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT6731, MT6732, MT6735, MT6737, MT6739, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6795, MT6799, MT6833, MT6853T, MT6873, MT6875, MT6877, MT6880, MT6883, MT6885, MT6889, MT6890, MT6891, MT6893, MT6985, MT8163, MT8167, MT8167S, MT8168, MT8173, MT8175, MT8183, MT8185, MT8321, MT8362A, MT8365, MT8385, MT8666, MT8667, MT8675, MT8735A, MT8735B, MT8765, MT8766, MT8768, MT8786, MT8788, MT8789, MT8791, MT8797 |
| Affected Software Versions | Android 10.0, 11.0, 12.0 |
| CVE | CVE-2022-20069 |
|---|---|
| Title | Integer overflow or wraparound in preloader (usb) |
| Severity | Medium |
| Vulnerability Type | EoP |
| CWE | CWE-190 Integer Overflow or Wraparound |
| Description | In preloader (usb), there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege, for an attacker who has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. |
| Affected Chipsets | MT6580, MT6735, MT6739, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6799, MT6833, MT6853, MT6853T, MT6873, MT6877, MT6885, MT6893, MT6983, MT8167, MT8167S, MT8168, MT8173, MT8175, MT8183, MT8185, MT8321, MT8362A, MT8365, MT8385, MT8666, MT8667, MT8675, MT8695, MT8696, MT8765, MT8766, MT8768, MT8786, MT8788, MT8789, MT8791, MT8797 |
| Affected Software Versions | Android 10.0, 11.0, 12.0 |
| CVE | CVE-2022-20070 |
|---|---|
| Title | Improper input validation in ssmr |
| Severity | Medium |
| Vulnerability Type | EoP |
| CWE | CWE-20 Improper Input Validation |
| Description | In ssmr, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is no needed for exploitation. |
| Affected Chipsets | MT6731, MT6732, MT6735, MT6737, MT6739, MT6750, MT6750S, MT6752, MT6753, MT6755, MT6755S, MT6757, MT6757C, MT6757CD, MT6757CH, MT6758, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6789, MT6795, MT6797, MT6799, MT6833, MT6853, MT6853T, MT6873, MT6875, MT6877, MT6879, MT6880, MT6883, MT6885, MT6889, MT6890, MT6891, MT6893, MT6895, MT6983, MT6985 |
| Affected Software Versions | Android 11.0, 12.0 |
| CVE | CVE-2022-20071 |
|---|---|
| Title | Improperly implemented security check for standard in ccu |
| Severity | Medium |
| Vulnerability Type | EoP |
| CWE | CWE-358 Improperly Implemented Security Check for Standard |
| Description | In ccu, there is a possible escalation of privilege due to a missing certificate validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is no needed for exploitation. |
| Affected Chipsets | MT6833, MT6853, MT6873, MT6877, MT6885, MT6893, MT8797 |
| Affected Software Versions | Android 11.0, 12.0 |
| CVE | CVE-2022-20072 |
|---|---|
| Title | Incorrect comparison in search engine service |
| Severity | Medium |
| Vulnerability Type | EoP |
| CWE | CWE-697 Incorrect Comparison |
| Description | In search engine service, there is a possible way to change the default search engine due to an incorrect comparison. This could lead to local escalation of privilege with System execution privileges needed. User interaction is no needed for exploitation. |
| Affected Chipsets | MT6580, MT6735, MT6737, MT6739, MT6753, MT6755, MT6755S, MT6761, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6789, MT6795, MT6797, MT6799, MT6833, MT6853, MT6853T, MT6873, MT6875, MT6877, MT6879, MT6880, MT6883, MT6885, MT6889, MT6890, MT6891, MT6893, MT6895, MT6983, MT6985, MT8167, MT8167S, MT8168, MT8173, MT8175, MT8183, MT8185, MT8321, MT8362A, MT8365, MT8385, MT8675, MT8765, MT8766, MT8768, MT8786, MT8788, MT8791, MT8797 |
| Affected Software Versions | Android 11.0, 12.0 |
| CVE | CVE-2022-20073 |
|---|---|
| Title | Integer underflow (wrap or wraparound) in preloader (usb) |
| Severity | Medium |
| Vulnerability Type | EoP |
| CWE | CWE-191 Integer Underflow (Wrap or Wraparound) |
| Description | In preloader (usb), there is a possible out of bounds write due to a integer underflow. This could lead to local escalation of privilege, for an attacker who has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. |
| Affected Chipsets | MT2601, MT6580, MT6735, MT6739, MT6761, MT6763, MT6765, MT6768, MT6771, MT6779, MT6781, MT6785, MT6799, MT6833, MT6873, MT6877, MT6885, MT6893, MT8163, MT8167, MT8167S, MT8168, MT8173, MT8175, MT8183, MT8185, MT8321, MT8362A, MT8365, MT8385, MT8666, MT8667, MT8675, MT8695, MT8696, MT8765, MT8766, MT8768, MT8786, MT8788, MT8789, MT8791, MT8797 |
| Affected Software Versions | Android 10.0, 11.0, 12.0 |
| CVE | CVE-2022-20074 |
|---|---|
| Title | Out-of-bounds read in preloader (partition) |
| Severity | Medium |
| Vulnerability Type | EoP |
| CWE | CWE-125 Out-of-bounds Read |
| Description | In preloader (partition), there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, for an attacker who has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. |
| Affected Chipsets | MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6779, MT6833, MT6853, MT6853T, MT6873, MT6875, MT6877, MT6879, MT6880, MT6883, MT6885, MT6889, MT6890, MT6891, MT6893, MT6895, MT6983, MT6985, MT8185, MT8321, MT8385, MT8667, MT8675, MT8695, MT8766, MT8768, MT8786, MT8788, MT8789, MT8791, MT8797 |
| Affected Software Versions | Android 10.0, 11.0, 12.0 |
| CVE | CVE-2022-20075 |
|---|---|
| Title | Integer overflow or wraparound in ged |
| Severity | Medium |
| Vulnerability Type | EoP |
| CWE | CWE-190 Integer Overflow or Wraparound |
| Description | In ged, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT6580, MT6731, MT6735, MT6750S, MT6753, MT6755S, MT6757, MT6757C, MT6757CD, MT6757CH, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6833, MT6853, MT6853T, MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8127, MT8135, MT8163, MT8167, MT8167S, MT8168, MT8173, MT8175, MT8176, MT8183, MT8312C, MT8312D, MT8321, MT8362A, MT8365, MT8382, MT8385, MT8389, MT8392, MT8392_90, MT8665, MT8685, MT8693, MT8735, MT8735B, MT8735M, MT8752, MT8765, MT8783, MT8785, MT8788 |
| Affected Software Versions | Android 10.0, 11.0, 12.0 |
| CVE | CVE-2022-20076 |
|---|---|
| Title | Improper handling of exceptional conditions in ged |
| Severity | Medium |
| Vulnerability Type | ID |
| CWE | CWE-755 Improper Handling of Exceptional Conditions |
| Description | In ged, there is a possible memory corruption due to an incorrect error handling. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT6580, MT6731, MT6735, MT6750S, MT6753, MT6755S, MT6757, MT6757C, MT6757CD, MT6757CH, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6833, MT6853, MT6853T, MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8127, MT8135, MT8163, MT8167, MT8167S, MT8168, MT8173, MT8175, MT8176, MT8183, MT8312C, MT8312D, MT8321, MT8362A, MT8365, MT8382, MT8385, MT8389, MT8392, MT8392_90, MT8665, MT8685, MT8693, MT8735, MT8735B, MT8735M, MT8752, MT8765, MT8783, MT8785, MT8788 |
| Affected Software Versions | Android 10.0, 11.0, 12.0 |
| CVE | CVE-2022-20077 |
|---|---|
| Title | Concurrent execution using shared resource with improper synchronization ('race condition') in vow |
| Severity | Medium |
| Vulnerability Type | EoP |
| CWE | CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') |
| Description | In vow, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is no needed for exploitation. |
| Affected Chipsets | MT6781, MT6785, MT6833, MT6853, MT6853T, MT6873, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8185, MT8789, MT8791, MT8797 |
| Affected Software Versions | Android 10.0, 11.0 |
| CVE | CVE-2022-20078 |
|---|---|
| Title | Concurrent execution using shared resource with improper synchronization ('race condition') in vow |
| Severity | Medium |
| Vulnerability Type | EoP |
| CWE | CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') |
| Description | In vow, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is no needed for exploitation. |
| Affected Chipsets | MT6833, MT6853, MT6853T, MT6873, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8791, MT8797 |
| Affected Software Versions | Android 11.0, 12.0 |
| CVE | CVE-2022-20079 |
|---|---|
| Title | Improper input validation in vow |
| Severity | Medium |
| Vulnerability Type | ID |
| CWE | CWE-20 Improper Input Validation |
| Description | In vow, there is a possible read of uninitialized data due to a improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is no needed for exploitation. |
| Affected Chipsets | MT6781, MT6785, MT6833, MT6853, MT6853T, MT6873, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8185, MT8789, MT8791, MT8797 |
| Affected Software Versions | Android 10.0, 11.0 |
| CVE | CVE-2022-20080 |
|---|---|
| Title | Concurrent execution using shared resource with improper synchronization ('race condition') in SUB2AF |
| Severity | Medium |
| Vulnerability Type | EoP |
| CWE | CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') |
| Description | In SUB2AF, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is no needed for exploitation. |
| Affected Chipsets | MT6580, MT6735, MT6737, MT6739, MT6753, MT6757, MT6761, MT6763, MT6765, MT6768, MT6771, MT6779, MT6781, MT6785, MT6833, MT6853, MT6873, MT6877, MT6883, MT6885, MT6889, MT6893, MT8168, MT8321, MT8365, MT8666, MT8765, MT8766, MT8768, MT8786, MT8788, MT8791, MT8797 |
| Affected Software Versions | Android 9.0, 10.0, 11.0, 12.0 |
Vulnerability Type Definition
| Abbreviation | Definition |
|---|---|
| RCE | Remote Code Execution |
| EoP | Elevation of Privilege |
| ID | Information Disclosure |
| DoS | Denial of Service |
| N/A | Classification not available |
Versions
| Version | Date | Description |
| 1.0 | April 6, 2022 | Bulletin published. |
Notes
Information above is generated only at the time of creation of this Security Bulletin. The list of affected chipsets could be not complete. For any further information, device OEMs can reach your MediaTek contact person if needed.
If you want to report a security vulnerability in MediaTek chipsets or products, please go to Report Security Vulnerability page on MediaTek website.
If you want to report a security vulnerability in MediaTek chipsets or products, please go to Report Security Vulnerability page on MediaTek website.