The MediaTek Product Security Bulletin contains details of security vulnerabilities affecting MediaTek Smartphone, Tablet, AIoT, Smart display, Smart platform, OTT and TV chipsets. Device OEMs were notified of all the issues and the corresponding security patches at least two months before publication.
The severity of the identified vulnerabilities was assessed based on the Common Vulnerability Scoring System version 3.1 (CVSS v3.1).
Summary
Severity | CVEs |
---|---|
High | CVE-2022-20047, CVE-2022-20048, CVE-2022-20053 |
Medium | CVE-2022-20049, CVE-2022-20050, CVE-2022-20051, CVE-2022-20054, CVE-2022-20055, CVE-2022-20056, CVE-2022-20057, CVE-2022-20058, CVE-2022-20059, CVE-2022-20060 |
Details
CVE | CVE-2022-20047 |
---|---|
Title | Out-of-bounds write in video decoder |
Severity | High |
Vulnerability Type | EoP |
CWE | CWE-787 Out-of-bounds Write |
Description | In video decoder, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. |
Affected Chipsets | MT5816, MT5835, MT6885, MT6893, MT9900, MT9901, MT9950, MT9969, MT9970, MT9980 |
Affected Software Versions | Android 10.0, 11.0, 12.0 |
CVE | CVE-2022-20048 |
---|---|
Title | Out-of-bounds write in video decoder |
Severity | High |
Vulnerability Type | EoP |
CWE | CWE-787 Out-of-bounds Write |
Description | In video decoder, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. |
Affected Chipsets | MT5816, MT5835, MT6885, MT6893, MT9900, MT9901, MT9950, MT9969, MT9970, MT9980 |
Affected Software Versions | Android 10.0, 11.0, 12.0 |
CVE | CVE-2022-20053 |
---|---|
Title | Missing authorization in ims service |
Severity | High |
Vulnerability Type | EoP |
CWE | CWE-862 Missing Authorization |
Description | In ims service, there is a possible escalation of privilege due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. |
Affected Chipsets | MT6731, MT6732, MT6735, MT6737, MT6739, MT6750, MT6750S, MT6752, MT6753, MT6755, MT6755S, MT6757, MT6758, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6795, MT6797, MT6799, MT6833, MT6853, MT6853T, MT6873, MT6875, MT6877, MT6880, MT6883, MT6885, MT6889, MT6890, MT6891, MT6893, MT8167, MT8168, MT8173, MT8183, MT8185, MT8321, MT8362A, MT8365, MT8385, MT8666, MT8667, MT8675, MT8765, MT8766, MT8768, MT8786, MT8788, MT8789, MT8791, MT8797 |
Affected Software Versions | Android 9.0, 10.0, 11.0, 12.0 |
CVE | CVE-2022-20049 |
---|---|
Title | Improper access control in vpu |
Severity | Medium |
Vulnerability Type | EoP |
CWE | CWE-284 Improper Access Control |
Description | In vpu, there is a possible escalation of privilege due to a missing permission check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. |
Affected Chipsets | MT6779, MT6785, MT6853, MT6853T, MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8168, MT8175, MT8183, MT8185, MT8362A, MT8365, MT8385, MT8788 |
Affected Software Versions | Android 10.0, 11.0 |
CVE | CVE-2022-20050 |
---|---|
Title | Unix symbolic link (symlink) following in connsyslogger |
Severity | Medium |
Vulnerability Type | EoP |
CWE | CWE-61 UNIX Symbolic Link (Symlink) Following |
Description | In connsyslogger, there is a possible symbolic link following due to improper link resolution. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. |
Affected Chipsets | MT6762, MT6765, MT6768, MT6769, MT6779, MT6781, MT6785, MT6795, MT6797, MT6799, MT6833, MT6853, MT6853T, MT6873, MT6875, MT6877, MT6880, MT6883, MT6885, MT6889, MT6891, MT6893, MT8163, MT8167, MT8167S, MT8168, MT8173, MT8175, MT8183, MT8185, MT8321, MT8362A, MT8365, MT8385, MT8666, MT8667, MT8675, MT8696, MT8735A, MT8735B, MT8765, MT8766, MT8768, MT8786, MT8788, MT8789, MT8791, MT8797 |
Affected Software Versions | Android 11.0, 12.0 |
CVE | CVE-2022-20051 |
---|---|
Title | Incorrect privilege assignment in ims service |
Severity | Medium |
Vulnerability Type | DoS |
CWE | CWE-266 Incorrect Privilege Assignment |
Description | In ims service, there is a possible unexpected application behavior due to incorrect privilege assignment. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. |
Affected Chipsets | MT6731, MT6732, MT6735, MT6737, MT6739, MT6750, MT6750S, MT6752, MT6753, MT6755, MT6755S, MT6757, MT6757C, MT6757CD, MT6757CH, MT6758, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6795, MT6797, MT6799, MT6833, MT6853, MT6853T, MT6873, MT6875, MT6877, MT6880, MT6883, MT6885, MT6889, MT6890, MT6891, MT6893, MT8167, MT8168, MT8173, MT8183, MT8185, MT8321, MT8362A, MT8365, MT8385, MT8666, MT8667, MT8675, MT8765, MT8766, MT8768, MT8786, MT8788, MT8789, MT8791, MT8797 |
Affected Software Versions | Android 11.0, 12.0 |
CVE | CVE-2022-20054 |
---|---|
Title | Missing authorization in ims service |
Severity | Medium |
Vulnerability Type | EoP |
CWE | CWE-862 Missing Authorization |
Description | In ims service, there is a possible AT command injection due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. |
Affected Chipsets | MT6580, MT6739, MT6750, MT6761, MT6762, MT6763, MT6765, MT6768, MT6771, MT6779, MT8167, MT8168, MT8173, MT8183, MT8185, MT8321, MT8362A, MT8365, MT8385, MT8666, MT8667, MT8675, MT8765, MT8766, MT8768, MT8786, MT8788, MT8789, MT8791, MT8797 |
Affected Software Versions | Android 9.0, 10.0, 11.0, 12.0 |
CVE | CVE-2022-20055 |
---|---|
Title | Out-of-bounds write in preloader (usb) |
Severity | Medium |
Vulnerability Type | EoP |
CWE | CWE-787 Out-of-bounds Write |
Description | In preloader (usb), there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, for an attacker who has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. |
Affected Chipsets | MT6761, MT6762, MT6765, MT6768, MT6771, MT6779, MT6781, MT6785, MT6833, MT6853, MT6853T, MT6873, MT6877, MT6885, MT6893, MT8183, MT8185, MT8321, MT8385, MT8666, MT8667, MT8675, MT8735A, MT8735B, MT8765, MT8766, MT8768, MT8786, MT8788, MT8789, MT8791, MT8797 |
Affected Software Versions | Android 10.0, 11.0, 12.0 |
CVE | CVE-2022-20056 |
---|---|
Title | Out-of-bounds write in preloader (usb) |
Severity | Medium |
Vulnerability Type | EoP |
CWE | CWE-787 Out-of-bounds Write |
Description | In preloader (usb), there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, for an attacker who has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. |
Affected Chipsets | MT6761, MT6762, MT6765, MT6768, MT6771, MT6779, MT6781, MT6785, MT6833, MT6853, MT6853T, MT6873, MT6877, MT6885, MT6893, MT8183, MT8185, MT8321, MT8385, MT8666, MT8667, MT8675, MT8735A, MT8735B, MT8765, MT8766, MT8768, MT8786, MT8788, MT8789, MT8791, MT8797 |
Affected Software Versions | Android 10.0, 11.0, 12.0 |
CVE | CVE-2022-20057 |
---|---|
Title | Detection of error condition without action in btif |
Severity | Medium |
Vulnerability Type | EoP |
CWE | CWE-390 Detection of Error Condition Without Action |
Description | In btif, there is a possible memory corruption due to incorrect error handling. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. |
Affected Chipsets | MT6739, MT6758, MT6761, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6833, MT6853, MT6853T, MT6873, MT6883, MT6893, MT8163, MT8167, MT8168, MT8173, MT8362A, MT8365 |
Affected Software Versions | Android 11.0, 12.0 |
CVE | CVE-2022-20058 |
---|---|
Title | Out-of-bounds write in preloader (usb) |
Severity | Medium |
Vulnerability Type | EoP |
CWE | CWE-787 Out-of-bounds Write |
Description | In preloader (usb), there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, for an attacker who has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. |
Affected Chipsets | MT6761, MT6762, MT6765, MT6768, MT6771, MT6779, MT6781, MT6785, MT6833, MT6853, MT6853T, MT6873, MT6877, MT6885, MT6893, MT8183, MT8185, MT8321, MT8385, MT8666, MT8667, MT8675, MT8735A, MT8735B, MT8765, MT8766, MT8768, MT8786, MT8788, MT8789, MT8791, MT8797 |
Affected Software Versions | Android 10.0, 11.0, 12.0 |
CVE | CVE-2022-20059 |
---|---|
Title | Out-of-bounds write in preloader (usb) |
Severity | Medium |
Vulnerability Type | EoP |
CWE | CWE-787 Out-of-bounds Write |
Description | In preloader (usb), there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, for an attacker who has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. |
Affected Chipsets | MT6761, MT6762, MT6765, MT6768, MT6771, MT6779, MT6781, MT6785, MT6833, MT6853, MT6853T, MT6873, MT6875, MT6877, MT6885, MT6889, MT6893, MT8183, MT8185, MT8321, MT8385, MT8666, MT8667, MT8675, MT8735A, MT8735B, MT8765, MT8766, MT8768, MT8786, MT8788, MT8789, MT8791, MT8797 |
Affected Software Versions | Android 10.0, 11.0, 12.0 |
CVE | CVE-2022-20060 |
---|---|
Title | Security flow issues in preloader (usb) |
Severity | Medium |
Vulnerability Type | EoP |
CWE | CWE-1196 Security Flow Issues |
Description | In preloader (usb), there is a possible permission bypass due to missing proper image authentication. This could lead to local escalation of privilege, for an attacker who has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. |
Affected Chipsets | MT6761, MT6762, MT6765, MT6768, MT6771, MT6779, MT6781, MT6785, MT6833, MT6853, MT6873, MT6875, MT6877, MT6885, MT6889, MT6893, MT8183, MT8185, MT8321, MT8385, MT8666, MT8667, MT8675, MT8735A, MT8735B, MT8765, MT8766, MT8768, MT8786, MT8788, MT8789, MT8791, MT8797 |
Affected Software Versions | Android 10.0, 11.0, 12.0 |
Vulnerability Type Definition
Abbreviation | Definition |
---|---|
RCE | Remote Code Execution |
EoP | Elevation of Privilege |
ID | Information Disclosure |
DoS | Denial of Service |
N/A | Classification not available |
Versions
Version | Date | Description |
---|---|---|
1.0 | March 7, 2022 | Bulletin published. |
Notes
The information above reflects only what was known when this Security Bulletin was created. The list of affected chipsets may not be complete. For further information, device OEMs can reach their MediaTek contact person.
If you want to report a security vulnerability in MediaTek chipsets or products, please go to the Report Security Vulnerability page on the MediaTek website.