corp.mediatek.com
2600:9000:2250:7800:e:118e:5f00:93a1 (public scan)

URL: https://corp.mediatek.com/product-security-bulletin/July-2022
Submission: On July 15 via api from PL — Scanned from DE


JULY 2022 PRODUCT SECURITY BULLETIN

Published 2022-07-04

The MediaTek Product Security Bulletin contains details of security
vulnerabilities affecting MediaTek Smartphone, Tablet, AIoT, Smart display,
Smart platform, OTT and TV chipsets. Device OEMs were notified of all the
issues and the corresponding security patches at least two months before
publication.

The severity of the identified vulnerabilities was assessed using the Common
Vulnerability Scoring System version 3.1 (CVSS v3.1).




SUMMARY



Severity: High
CVEs: CVE-2022-20082, CVE-2022-21763, CVE-2022-21764, CVE-2022-21744, CVE-2022-20083, CVE-2022-21767, CVE-2022-21768

Severity: Medium
CVEs: CVE-2022-21765, CVE-2022-21766, CVE-2022-21769, CVE-2022-21770, CVE-2022-21771, CVE-2022-21772, CVE-2022-21773, CVE-2022-21774, CVE-2022-21775, CVE-2022-21776, CVE-2022-21777, CVE-2022-21779, CVE-2022-21780, CVE-2022-21781, CVE-2022-21782, CVE-2022-21783, CVE-2022-21784, CVE-2022-21785, CVE-2022-21786, CVE-2022-21787




DETAILS





CVE: CVE-2022-20082
Title: Concurrent execution using shared resource with improper synchronization ('race condition') in GPU
Severity: High
Vulnerability Type: EoP
CWE: CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Description: In GPU, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets: MT6768, MT6769, MT6781, MT6785, MT6789, MT6833, MT6853, MT6853T, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6889, MT6893, MT6895, MT6983
Affected Software Versions: Android 10.0, 11.0, 12.0







CVE: CVE-2022-21763
Title: Improper access control in telecom service
Severity: High
Vulnerability Type: ID
CWE: CWE-284 Improper Access Control
Description: In telecom service, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets: MT6739, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6789, MT6795, MT6797, MT6799, MT6833, MT6853, MT6853T, MT6873, MT6875, MT6877, MT6879, MT6880, MT6883, MT6885, MT6889, MT6890, MT6891, MT6893, MT6895, MT6983, MT6985, MT8321, MT8666, MT8667, MT8675, MT8765, MT8766, MT8768, MT8786, MT8788, MT8789, MT8791, MT8797
Affected Software Versions: Android 10.0, 11.0, 12.0







CVE: CVE-2022-21764
Title: Improper access control in telecom service
Severity: High
Vulnerability Type: ID
CWE: CWE-284 Improper Access Control
Description: In telecom service, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets: MT6739, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6789, MT6795, MT6797, MT6799, MT6833, MT6853, MT6853T, MT6873, MT6875, MT6877, MT6879, MT6880, MT6883, MT6885, MT6889, MT6890, MT6891, MT6893, MT6895, MT6983, MT6985, MT8321, MT8666, MT8667, MT8675, MT8765, MT8766, MT8768, MT8786, MT8788, MT8789, MT8791, MT8797
Affected Software Versions: Android 10.0, 11.0, 12.0







CVE: CVE-2022-21744
Title: Out-of-bounds write in Modem 2G RR
Severity: High
Vulnerability Type: RCE
CWE: CWE-787 Out-of-bounds Write
Description: In Modem 2G RR, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution when decoding GPRS Packet Neighbour Cell Data (PNCD) improper neighbouring cell size with no additional execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets: MT2731, MT2735, MT6297, MT6725, MT6735, MT6737, MT6739, MT6750, MT6750S, MT6755, MT6757, MT6757P, MT6758, MT6761, MT6762, MT6762D, MT6762M, MT6763, MT6765, MT6765T, MT6767, MT6768, MT6769, MT6769T, MT6769Z, MT6771, MT6775, MT6779, MT6781, MT6783, MT6785, MT6785T, MT6789, MT6797, MT6799, MT6833, MT6853, MT6855, MT6873, MT6875, MT6877, MT6879, MT6880, MT6883, MT6885, MT6889, MT6890, MT6891, MT6893, MT6895, MT6983, MT8666, MT8667, MT8675, MT8735A, MT8735B, MT8765, MT8766, MT8768, MT8771, MT8781, MT8786, MT8788, MT8789, MT8791, MT8797
Affected Software Versions: Modem LR9, LR11, LR12, LR12A, LR13, NR15, NR16







CVE: CVE-2022-20083
Title: Out-of-bounds write in Modem 2G/3G CC
Severity: High
Vulnerability Type: RCE
CWE: CWE-787 Out-of-bounds Write
Description: In Modem 2G/3G CC, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution when decoding combined FACILITY with no additional execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets: MT2731, MT2735, MT6297, MT6725, MT6735, MT6737, MT6739, MT6750, MT6750S, MT6755, MT6757, MT6757P, MT6758, MT6761, MT6762, MT6762D, MT6762M, MT6763, MT6765, MT6765T, MT6767, MT6768, MT6769, MT6769T, MT6769Z, MT6771, MT6775, MT6779, MT6781, MT6783, MT6785, MT6785T, MT6789, MT6797, MT6799, MT6833, MT6853, MT6855, MT6873, MT6875, MT6877, MT6879, MT6880, MT6883, MT6885, MT6889, MT6890, MT6891, MT6893, MT6895, MT6983, MT8666, MT8667, MT8675, MT8735A, MT8735B, MT8765, MT8766, MT8768, MT8771, MT8781, MT8786, MT8788, MT8789, MT8791, MT8797
Affected Software Versions: Modem LR9, LR11, LR12, LR12A, LR13, NR15, NR16







CVE: CVE-2022-21767
Title: Heap-based buffer overflow in Bluetooth
Severity: High
Vulnerability Type: EoP
CWE: CWE-122 Heap-based Buffer Overflow
Description: In Bluetooth, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets: MT8167, MT8175, MT8183, MT8362A, MT8365, MT8385
Affected Software Versions: Android 8.1, 9.0, 10.0, 11.0, 12.0







CVE: CVE-2022-21768
Title: Heap-based buffer overflow in Bluetooth
Severity: High
Vulnerability Type: EoP
CWE: CWE-122 Heap-based Buffer Overflow
Description: In Bluetooth, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets: MT8167S, MT8175, MT8183, MT8362A, MT8365, MT8385
Affected Software Versions: Android 8.1, 9.0, 10.0, 11.0, 12.0







CVE: CVE-2022-21765
Title: Improper input validation in CCCI
Severity: Medium
Vulnerability Type: EoP
CWE: CWE-20 Improper Input Validation
Description: In CCCI, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets: MT6580, MT6735, MT6737, MT6739, MT6753, MT6761, MT6765, MT6768, MT6771, MT6779, MT6781, MT6785, MT6833, MT6853, MT6873, MT6877, MT6879, MT6883, MT6885, MT6889, MT6893, MT6895, MT6983, MT8321, MT8666, MT8667, MT8675, MT8765, MT8766, MT8768, MT8786, MT8788, MT8789, MT8791, MT8797
Affected Software Versions: Android 10.0, 11.0, 12.0







CVE: CVE-2022-21766
Title: Improper input validation in CCCI
Severity: Medium
Vulnerability Type: EoP
CWE: CWE-20 Improper Input Validation
Description: In CCCI, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets: MT6580, MT6735, MT6737, MT6739, MT6753, MT6761, MT6765, MT6768, MT6771, MT6779, MT6781, MT6785, MT6833, MT6853, MT6873, MT6877, MT6879, MT6883, MT6885, MT6889, MT6893, MT6895, MT6983, MT8321, MT8666, MT8667, MT8675, MT8765, MT8766, MT8768, MT8786, MT8788, MT8789, MT8791, MT8797
Affected Software Versions: Android 10.0, 11.0, 12.0







CVE: CVE-2022-21769
Title: Improper input validation in CCCI
Severity: Medium
Vulnerability Type: ID
CWE: CWE-20 Improper Input Validation
Description: In CCCI, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets: MT6580, MT6735, MT6737, MT6739, MT6753, MT6761, MT6765, MT6768, MT6771, MT6779, MT6781, MT6785, MT6833, MT6853, MT6873, MT6877, MT6879, MT6883, MT6885, MT6889, MT6893, MT6895, MT6983, MT8321, MT8666, MT8667, MT8675, MT8765, MT8766, MT8768, MT8786, MT8788, MT8789, MT8791, MT8797
Affected Software Versions: Android 10.0, 11.0, 12.0







CVE: CVE-2022-21770
Title: Unix symbolic link (symlink) following in sound driver
Severity: Medium
Vulnerability Type: ID
CWE: CWE-61 UNIX Symbolic Link (Symlink) Following
Description: In sound driver, there is a possible information disclosure due to symlink following. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets: MT6781, MT6877, MT6879, MT6893, MT6895, MT6983, MT8791, MT8797, MT8798
Affected Software Versions: Android 11.0, 12.0







CVE: CVE-2022-21771
Title: Concurrent execution using shared resource with improper synchronization ('race condition') in GED driver
Severity: Medium
Vulnerability Type: EoP
CWE: CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Description: In GED driver, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets: MT6580, MT6735, MT6737, MT6739, MT6753, MT6761, MT6765, MT6768, MT6771, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6853T, MT6873, MT6877, MT6879, MT6883, MT6885, MT6889, MT6893, MT6895, MT6983, MT8168, MT8365
Affected Software Versions: Android 11.0, 12.0







CVE: CVE-2022-21772
Title: Concurrent execution using shared resource with improper synchronization ('race condition') in TEEI driver
Severity: Medium
Vulnerability Type: EoP
CWE: CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Description: In TEEI driver, there is a possible type confusion due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets: MT6761, MT6765, MT6768, MT6771, MT6779, MT6833, MT6879, MT6885, MT6893, MT6895, MT6983, MT8185, MT8765, MT8766, MT8768, MT8785, MT8786, MT8788, MT8791, MT8797
Affected Software Versions: Android 11.0, 12.0







CVE: CVE-2022-21773
Title: Concurrent execution using shared resource with improper synchronization ('race condition') in TEEI driver
Severity: Medium
Vulnerability Type: EoP
CWE: CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Description: In TEEI driver, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets: MT6580, MT6735, MT6737, MT6739, MT6750, MT6750S, MT6755, MT6755S, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6789, MT6795, MT6797, MT6833, MT6853, MT6853T, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6889, MT6890, MT6891, MT6893
Affected Software Versions: Android 11.0, 12.0







CVE: CVE-2022-21774
Title: Concurrent execution using shared resource with improper synchronization ('race condition') in TEEI driver
Severity: Medium
Vulnerability Type: EoP
CWE: CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Description: In TEEI driver, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets: MT6761, MT6765, MT6768, MT6771, MT6779, MT6781, MT6785, MT6833, MT6853, MT6875, MT6877, MT6879, MT6885, MT6893, MT6895, MT6983
Affected Software Versions: Android 11.0, 12.0







CVE: CVE-2022-21775
Title: Improper synchronization in sched driver
Severity: Medium
Vulnerability Type: EoP
CWE: CWE-662 Improper Synchronization
Description: In sched driver, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets: MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6789, MT6795, MT6797, MT6799, MT6833, MT6853, MT6853T, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6889, MT6891, MT6893, MT6895, MT8167, MT8167S, MT8168, MT8173, MT8185, MT8321, MT8362A, MT8365, MT8385, MT8666, MT8675, MT8768, MT8786, MT8788, MT8789, MT8791, MT8797
Affected Software Versions: Android 11.0, 12.0







CVE: CVE-2022-21776
Title: Concurrent execution using shared resource with improper synchronization ('race condition') in MDP
Severity: Medium
Vulnerability Type: EoP
CWE: CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Description: In MDP, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets: MT6580, MT6739, MT6761, MT6765, MT6768, MT6771, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6873, MT6877, MT6879, MT6883, MT6885, MT6889, MT6893, MT6895, MT8163, MT8167, MT8167S, MT8168, MT8173, MT8175, MT8183, MT8185, MT8321, MT8362A, MT8365, MT8385, MT8666, MT8667, MT8675, MT8765, MT8766, MT8768, MT8786, MT8788, MT8791, MT8797, MT8798
Affected Software Versions: Android 11.0, 12.0







CVE: CVE-2022-21777
Title: Improper access control in Autoboot
Severity: Medium
Vulnerability Type: EoP
CWE: CWE-284 Improper Access Control
Description: In Autoboot, there is a possible permission bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets: MT6580, MT6735, MT6739, MT6761, MT6765, MT6768, MT6771, MT6779, MT6785, MT6833, MT6853, MT6873, MT6875, MT6877, MT6879, MT6885, MT6891, MT6893, MT6895, MT6983, MT8167, MT8167S, MT8168, MT8173, MT8175, MT8185, MT8321, MT8362A, MT8365, MT8385, MT8666, MT8667, MT8675, MT8765, MT8766, MT8768, MT8786, MT8788, MT8789, MT8791, MT8797
Affected Software Versions: Android 11.0, 12.0







CVE: CVE-2022-21779
Title: Improper input validation in WLAN driver
Severity: Medium
Vulnerability Type: EoP
CWE: CWE-20 Improper Input Validation
Description: In WLAN driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets: MT6761, MT6779, MT6781, MT6833, MT6853, MT6873, MT6877, MT6879, MT6883, MT6885, MT6889, MT6893, MT6895, MT6983, MT8167S, MT8168, MT8175, MT8183, MT8185, MT8362A, MT8365, MT8385, MT8667, MT8675, MT8696, MT8766, MT8768, MT8786, MT8788, MT8789, MT8791, MT8797
Affected Software Versions: Android 11.0, 12.0







CVE: CVE-2022-21780
Title: Improper input validation in WLAN driver
Severity: Medium
Vulnerability Type: EoP
CWE: CWE-20 Improper Input Validation
Description: In WLAN driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets: MT6761, MT6779, MT6781, MT6833, MT6853, MT6873, MT6877, MT6879, MT6883, MT6885, MT6889, MT6893, MT6895, MT6983, MT8167S, MT8168, MT8175, MT8183, MT8185, MT8362A, MT8365, MT8385, MT8667, MT8675, MT8696, MT8766, MT8768, MT8786, MT8788, MT8789, MT8791, MT8797
Affected Software Versions: Android 11.0, 12.0







CVE: CVE-2022-21781
Title: Improper input validation in WLAN driver
Severity: Medium
Vulnerability Type: EoP
CWE: CWE-20 Improper Input Validation
Description: In WLAN driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets: MT6761, MT6779, MT6781, MT6833, MT6853, MT6873, MT6877, MT6879, MT6883, MT6885, MT6889, MT6893, MT6895, MT6983, MT8167S, MT8168, MT8175, MT8183, MT8185, MT8362A, MT8365, MT8385, MT8667, MT8675, MT8696, MT8766, MT8768, MT8786, MT8788, MT8789, MT8791, MT8797
Affected Software Versions: Android 11.0, 12.0







CVE: CVE-2022-21782
Title: Improper input validation in WLAN driver
Severity: Medium
Vulnerability Type: EoP
CWE: CWE-20 Improper Input Validation
Description: In WLAN driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets: MT6761, MT6779, MT6781, MT6833, MT6853, MT6873, MT6877, MT6879, MT6883, MT6885, MT6889, MT6893, MT6895, MT6983, MT8167S, MT8168, MT8175, MT8183, MT8185, MT8362A, MT8365, MT8385, MT8667, MT8675, MT8696, MT8766, MT8768, MT8786, MT8788, MT8789, MT8791, MT8797
Affected Software Versions: Android 11.0, 12.0







CVE: CVE-2022-21783
Title: Improper input validation in WLAN driver
Severity: Medium
Vulnerability Type: EoP
CWE: CWE-20 Improper Input Validation
Description: In WLAN driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets: MT6761, MT6779, MT6781, MT6833, MT6853, MT6873, MT6877, MT6879, MT6883, MT6885, MT6889, MT6893, MT6895, MT6983, MT8167S, MT8168, MT8175, MT8183, MT8185, MT8362A, MT8365, MT8385, MT8667, MT8675, MT8696, MT8766, MT8768, MT8786, MT8788, MT8789, MT8791, MT8797
Affected Software Versions: Android 11.0, 12.0







CVE: CVE-2022-21784
Title: Improper input validation in WLAN driver
Severity: Medium
Vulnerability Type: EoP
CWE: CWE-20 Improper Input Validation
Description: In WLAN driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets: MT6761, MT6779, MT6781, MT6833, MT6853, MT6873, MT6877, MT6879, MT6883, MT6885, MT6889, MT6893, MT6895, MT6983, MT8167S, MT8168, MT8175, MT8183, MT8185, MT8362A, MT8365, MT8385, MT8667, MT8675, MT8696, MT8766, MT8768, MT8786, MT8788, MT8789, MT8791, MT8797
Affected Software Versions: Android 11.0, 12.0







CVE: CVE-2022-21785
Title: Improper input validation in WLAN driver
Severity: Medium
Vulnerability Type: EoP
CWE: CWE-20 Improper Input Validation
Description: In WLAN driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets: MT6877, MT6983, MT8167S, MT8168, MT8175, MT8183, MT8185, MT8362A, MT8365, MT8385, MT8667, MT8675, MT8695, MT8696, MT8766, MT8768, MT8786, MT8788, MT8789, MT8791, MT8797
Affected Software Versions: Android 11.0, 12.0







CVE: CVE-2022-21786
Title: Incorrect type conversion or cast in audio DSP
Severity: Medium
Vulnerability Type: EoP
CWE: CWE-704 Incorrect Type Conversion or Cast
Description: In audio DSP, there is a possible memory corruption due to improper casting. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets: MT6833, MT6853, MT6873, MT6877, MT6879, MT6885, MT6893, MT6895, MT6983, MT8791, MT8797, MT8798
Affected Software Versions: Android 11.0, 12.0







CVE: CVE-2022-21787
Title: Improper input validation in audio DSP
Severity: Medium
Vulnerability Type: EoP
CWE: CWE-20 Improper Input Validation
Description: In audio DSP, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets: MT6833, MT6853, MT6873, MT6877, MT6879, MT6885, MT6893, MT6895, MT6983, MT8791, MT8797, MT8798
Affected Software Versions: Android 11.0, 12.0




VULNERABILITY TYPE DEFINITION



Abbreviation: Definition
RCE: Remote Code Execution
EoP: Elevation of Privilege
ID: Information Disclosure
DoS: Denial of Service
N/A: Classification not available




VERSIONS



Version: 1.0
Date: July 4, 2022
Description: Bulletin published.




NOTES

The information above reflects only what was known when this Security
Bulletin was created. The list of affected chipsets may not be complete. For
further information, device OEMs can reach their MediaTek contact person if
needed.

If you want to report a security vulnerability in MediaTek chipsets or products,
please go to the Report Security Vulnerability page on the MediaTek website.
