Vulnerability CVE-2022-20076 - CERT Civis.Net

Vulnerability Name:

CVE-2022-20076 (CCN-223985)

Assigned:

2021-10-12

Published:

2022-04-06

Updated:

2022-04-18

Summary:

In ged, there is a possible memory corruption due to an incorrect error handling. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05838808; Issue ID: ALPS05839556.

CVSS v3 Severity:

4.4 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N)
3.9 Low (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): High User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): None Availibility (A): None

4.4 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N)
3.9 Low (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): High User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): None Availibility (A): None

CVSS v2 Severity:

2.1 Low (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): None Availibility (A): None

4.6 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:S/C:C/I:N/A:N)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Athentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Complete Integrity (I): None Availibility (A): None

Vulnerability Type:

Vulnerability Consequences:

Gain Privileges

References:

Source: MITRE
Type: CNA
CVE-2022-20076

Source: CCN
Type: MediaTek Web site
April 2022 Product Security Bulletin

Source: MISC
Type: Vendor Advisory
https://corp.mediatek.com/product-security-bulletin/April-2022

Source: XF
Type: UNKNOWN
mediatek-cve202220076-info-disc(223985)

Vulnerable Configuration:

Configuration 1:

cpe:/o:google:android:10.0:*:*:*:*:*:*:*

OR cpe:/o:google:android:11.0:*:*:*:*:*:*:*

OR cpe:/o:google:android:12.0:*:*:*:*:*:*:*

AND

cpe:/h:mediatek:mt6580:-:*:*:*:*:*:*:*

OR cpe:/h:mediatek:mt6731:-:*:*:*:*:*:*:*

OR cpe:/h:mediatek:mt6735:-:*:*:*:*:*:*:*

OR cpe:/h:mediatek:mt6750s:-:*:*:*:*:*:*:*

OR cpe:/h:mediatek:mt6753:-:*:*:*:*:*:*:*

OR cpe:/h:mediatek:mt6755s:-:*:*:*:*:*:*:*

OR cpe:/h:mediatek:mt6757:-:*:*:*:*:*:*:*

OR cpe:/h:mediatek:mt6757c:-:*:*:*:*:*:*:*

OR cpe:/h:mediatek:mt6757cd:-:*:*:*:*:*:*:*

OR cpe:/h:mediatek:mt6757ch:-:*:*:*:*:*:*:*

OR cpe:/h:mediatek:mt6761:-:*:*:*:*:*:*:*

OR cpe:/h:mediatek:mt6762:-:*:*:*:*:*:*:*

OR cpe:/h:mediatek:mt6763:-:*:*:*:*:*:*:*

OR cpe:/h:mediatek:mt6765:-:*:*:*:*:*:*:*

OR cpe:/h:mediatek:mt6768:-:*:*:*:*:*:*:*

OR cpe:/h:mediatek:mt6769:-:*:*:*:*:*:*:*

OR cpe:/h:mediatek:mt6771:-:*:*:*:*:*:*:*

OR cpe:/h:mediatek:mt6779:-:*:*:*:*:*:*:*

OR cpe:/h:mediatek:mt6781:-:*:*:*:*:*:*:*

OR cpe:/h:mediatek:mt6785:-:*:*:*:*:*:*:*

OR cpe:/h:mediatek:mt6833:-:*:*:*:*:*:*:*

OR cpe:/h:mediatek:mt6853:-:*:*:*:*:*:*:*

OR cpe:/h:mediatek:mt6853t:-:*:*:*:*:*:*:*

OR cpe:/h:mediatek:mt6873:-:*:*:*:*:*:*:*

OR cpe:/h:mediatek:mt6875:-:*:*:*:*:*:*:*

OR cpe:/h:mediatek:mt6877:-:*:*:*:*:*:*:*

OR cpe:/h:mediatek:mt6883:-:*:*:*:*:*:*:*

OR cpe:/h:mediatek:mt6885:-:*:*:*:*:*:*:*

OR cpe:/h:mediatek:mt6889:-:*:*:*:*:*:*:*

OR cpe:/h:mediatek:mt6891:-:*:*:*:*:*:*:*

OR cpe:/h:mediatek:mt6893:-:*:*:*:*:*:*:*

OR cpe:/h:mediatek:mt8127:-:*:*:*:*:*:*:*

OR cpe:/h:mediatek:mt8135:-:*:*:*:*:*:*:*

OR cpe:/h:mediatek:mt8163:-:*:*:*:*:*:*:*

OR cpe:/h:mediatek:mt8167:-:*:*:*:*:*:*:*

OR cpe:/h:mediatek:mt8167s:-:*:*:*:*:*:*:*

OR cpe:/h:mediatek:mt8168:-:*:*:*:*:*:*:*

OR cpe:/h:mediatek:mt8173:-:*:*:*:*:*:*:*

OR cpe:/h:mediatek:mt8175:-:*:*:*:*:*:*:*

OR cpe:/h:mediatek:mt8176:-:*:*:*:*:*:*:*

OR cpe:/h:mediatek:mt8183:-:*:*:*:*:*:*:*

OR cpe:/h:mediatek:mt8312c:-:*:*:*:*:*:*:*

OR cpe:/h:mediatek:mt8312d:-:*:*:*:*:*:*:*

OR cpe:/h:mediatek:mt8321:-:*:*:*:*:*:*:*

OR cpe:/h:mediatek:mt8362a:-:*:*:*:*:*:*:*

OR cpe:/h:mediatek:mt8365:-:*:*:*:*:*:*:*

OR cpe:/h:mediatek:mt8382:-:*:*:*:*:*:*:*

OR cpe:/h:mediatek:mt8385:-:*:*:*:*:*:*:*

OR cpe:/h:mediatek:mt8389:-:*:*:*:*:*:*:*

OR cpe:/h:mediatek:mt8392:-:*:*:*:*:*:*:*

OR cpe:/h:mediatek:mt8392_90:-:*:*:*:*:*:*:*

OR cpe:/h:mediatek:mt8665:-:*:*:*:*:*:*:*

OR cpe:/h:mediatek:mt8685:-:*:*:*:*:*:*:*

OR cpe:/h:mediatek:mt8693:-:*:*:*:*:*:*:*

OR cpe:/h:mediatek:mt8735:-:*:*:*:*:*:*:*

OR cpe:/h:mediatek:mt8735b:-:*:*:*:*:*:*:*

OR cpe:/h:mediatek:mt8735m:-:*:*:*:*:*:*:*

OR cpe:/h:mediatek:mt8752:-:*:*:*:*:*:*:*

OR cpe:/h:mediatek:mt8765:-:*:*:*:*:*:*:*

OR cpe:/h:mediatek:mt8783:-:*:*:*:*:*:*:*

OR cpe:/h:mediatek:mt8785:-:*:*:*:*:*:*:*

OR cpe:/h:mediatek:mt8788:-:*:*:*:*:*:*:*

Denotes that component is vulnerable