Vulnerability Name:

CVE-2022-20106 (CCN-225693)

Assigned:2021-10-12
Published:2022-05-03
Updated:2022-05-12
Summary:In MM service, there is a possible out of bounds write due to a heap-based buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: DTV03330460; Issue ID: DTV03330460.
CVSS v3 Severity:6.7 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)
5.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): High
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
6.7 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)
5.8 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): High
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:4.6 Medium (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
6.8 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:S/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Athentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-787
Vulnerability Consequences:Gain Privileges
References:Source: MITRE
Type: CNA
CVE-2022-20106

Source: CCN
Type: MediaTek Web site
May 2022 Product Security Bulletin

Source: MISC
Type: Vendor Advisory
https://corp.mediatek.com/product-security-bulletin/May-2022

Source: XF
Type: UNKNOWN
mediatek-cve202220106-priv-esc(225693)

Vulnerable Configuration:Configuration 1:
  • cpe:/o:google:android:9.0:*:*:*:*:*:*:*
  • OR cpe:/o:google:android:10.0:*:*:*:*:*:*:*
  • OR cpe:/o:google:android:11.0:*:*:*:*:*:*:*
  • AND
  • cpe:/h:mediatek:mt9629:-:*:*:*:*:*:*:*
  • OR cpe:/h:mediatek:mt9631:-:*:*:*:*:*:*:*
  • OR cpe:/h:mediatek:mt9632:-:*:*:*:*:*:*:*
  • OR cpe:/h:mediatek:mt9636:-:*:*:*:*:*:*:*
  • OR cpe:/h:mediatek:mt9638:-:*:*:*:*:*:*:*
  • OR cpe:/h:mediatek:mt9639:-:*:*:*:*:*:*:*
  • OR cpe:/h:mediatek:mt9650:-:*:*:*:*:*:*:*
  • OR cpe:/h:mediatek:mt9652:-:*:*:*:*:*:*:*
  • OR cpe:/h:mediatek:mt9669:-:*:*:*:*:*:*:*
  • OR cpe:/h:mediatek:mt9670:-:*:*:*:*:*:*:*
  • OR cpe:/h:mediatek:mt9011:-:*:*:*:*:*:*:*
  • OR cpe:/h:mediatek:mt9215:-:*:*:*:*:*:*:*
  • OR cpe:/h:mediatek:mt9216:-:*:*:*:*:*:*:*
  • OR cpe:/h:mediatek:mt9220:-:*:*:*:*:*:*:*
  • OR cpe:/h:mediatek:mt9221:-:*:*:*:*:*:*:*
  • OR cpe:/h:mediatek:mt9255:-:*:*:*:*:*:*:*
  • OR cpe:/h:mediatek:mt9256:-:*:*:*:*:*:*:*
  • OR cpe:/h:mediatek:mt9266:-:*:*:*:*:*:*:*
  • OR cpe:/h:mediatek:mt9269:-:*:*:*:*:*:*:*
  • OR cpe:/h:mediatek:mt9285:-:*:*:*:*:*:*:*
  • OR cpe:/h:mediatek:mt9286:-:*:*:*:*:*:*:*
  • OR cpe:/h:mediatek:mt9288:-:*:*:*:*:*:*:*
  • OR cpe:/h:mediatek:mt9600:-:*:*:*:*:*:*:*
  • OR cpe:/h:mediatek:mt9602:-:*:*:*:*:*:*:*
  • OR cpe:/h:mediatek:mt9610:-:*:*:*:*:*:*:*
  • OR cpe:/h:mediatek:mt9611:-:*:*:*:*:*:*:*
  • OR cpe:/h:mediatek:mt9675:-:*:*:*:*:*:*:*
  • OR cpe:/h:mediatek:mt9685:-:*:*:*:*:*:*:*
  • OR cpe:/h:mediatek:mt9686:-:*:*:*:*:*:*:*
  • OR cpe:/h:mediatek:mt9688:-:*:*:*:*:*:*:*
  • OR cpe:/h:mediatek:mt9612:-:*:*:*:*:*:*:*
  • OR cpe:/h:mediatek:mt9613:-:*:*:*:*:*:*:*
  • OR cpe:/h:mediatek:mt9615:-:*:*:*:*:*:*:*
  • OR cpe:/h:mediatek:mt9617:-:*:*:*:*:*:*:*
  • OR cpe:/h:mediatek:mt9630:-:*:*:*:*:*:*:*
  • OR cpe:/h:mediatek:mt9666:-:*:*:*:*:*:*:*

    • Configuration 2:
  • cpe:/o:linux:linux_kernel:4.9:-:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:4.19:-:*:*:*:*:*:*
  • AND
  • cpe:/h:mediatek:mt9629:-:*:*:*:*:*:*:*
  • OR cpe:/h:mediatek:mt9631:-:*:*:*:*:*:*:*
  • OR cpe:/h:mediatek:mt9632:-:*:*:*:*:*:*:*
  • OR cpe:/h:mediatek:mt9636:-:*:*:*:*:*:*:*
  • OR cpe:/h:mediatek:mt9638:-:*:*:*:*:*:*:*
  • OR cpe:/h:mediatek:mt9639:-:*:*:*:*:*:*:*
  • OR cpe:/h:mediatek:mt9650:-:*:*:*:*:*:*:*
  • OR cpe:/h:mediatek:mt9652:-:*:*:*:*:*:*:*
  • OR cpe:/h:mediatek:mt9669:-:*:*:*:*:*:*:*
  • OR cpe:/h:mediatek:mt9670:-:*:*:*:*:*:*:*
  • OR cpe:/h:mediatek:mt9011:-:*:*:*:*:*:*:*
  • OR cpe:/h:mediatek:mt9215:-:*:*:*:*:*:*:*
  • OR cpe:/h:mediatek:mt9216:-:*:*:*:*:*:*:*
  • OR cpe:/h:mediatek:mt9220:-:*:*:*:*:*:*:*
  • OR cpe:/h:mediatek:mt9221:-:*:*:*:*:*:*:*
  • OR cpe:/h:mediatek:mt9255:-:*:*:*:*:*:*:*
  • OR cpe:/h:mediatek:mt9256:-:*:*:*:*:*:*:*
  • OR cpe:/h:mediatek:mt9266:-:*:*:*:*:*:*:*
  • OR cpe:/h:mediatek:mt9269:-:*:*:*:*:*:*:*
  • OR cpe:/h:mediatek:mt9285:-:*:*:*:*:*:*:*
  • OR cpe:/h:mediatek:mt9286:-:*:*:*:*:*:*:*
  • OR cpe:/h:mediatek:mt9288:-:*:*:*:*:*:*:*
  • OR cpe:/h:mediatek:mt9600:-:*:*:*:*:*:*:*
  • OR cpe:/h:mediatek:mt9602:-:*:*:*:*:*:*:*
  • OR cpe:/h:mediatek:mt9610:-:*:*:*:*:*:*:*
  • OR cpe:/h:mediatek:mt9611:-:*:*:*:*:*:*:*
  • OR cpe:/h:mediatek:mt9675:-:*:*:*:*:*:*:*
  • OR cpe:/h:mediatek:mt9685:-:*:*:*:*:*:*:*
  • OR cpe:/h:mediatek:mt9686:-:*:*:*:*:*:*:*
  • OR cpe:/h:mediatek:mt9688:-:*:*:*:*:*:*:*
  • OR cpe:/h:mediatek:mt9612:-:*:*:*:*:*:*:*
  • OR cpe:/h:mediatek:mt9613:-:*:*:*:*:*:*:*
  • OR cpe:/h:mediatek:mt9615:-:*:*:*:*:*:*:*
  • OR cpe:/h:mediatek:mt9617:-:*:*:*:*:*:*:*
  • OR cpe:/h:mediatek:mt9630:-:*:*:*:*:*:*:*
  • OR cpe:/h:mediatek:mt9666:-:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    google android 9.0
    google android 10.0
    google android 11.0
    mediatek mt9629 -
    mediatek mt9631 -
    mediatek mt9632 -
    mediatek mt9636 -
    mediatek mt9638 -
    mediatek mt9639 -
    mediatek mt9650 -
    mediatek mt9652 -
    mediatek mt9669 -
    mediatek mt9670 -
    mediatek mt9011 -
    mediatek mt9215 -
    mediatek mt9216 -
    mediatek mt9220 -
    mediatek mt9221 -
    mediatek mt9255 -
    mediatek mt9256 -
    mediatek mt9266 -
    mediatek mt9269 -
    mediatek mt9285 -
    mediatek mt9286 -
    mediatek mt9288 -
    mediatek mt9600 -
    mediatek mt9602 -
    mediatek mt9610 -
    mediatek mt9611 -
    mediatek mt9675 -
    mediatek mt9685 -
    mediatek mt9686 -
    mediatek mt9688 -
    mediatek mt9612 -
    mediatek mt9613 -
    mediatek mt9615 -
    mediatek mt9617 -
    mediatek mt9630 -
    mediatek mt9666 -
    linux linux kernel 4.9
    linux linux kernel 4.19
    mediatek mt9629 -
    mediatek mt9631 -
    mediatek mt9632 -
    mediatek mt9636 -
    mediatek mt9638 -
    mediatek mt9639 -
    mediatek mt9650 -
    mediatek mt9652 -
    mediatek mt9669 -
    mediatek mt9670 -
    mediatek mt9011 -
    mediatek mt9215 -
    mediatek mt9216 -
    mediatek mt9220 -
    mediatek mt9221 -
    mediatek mt9255 -
    mediatek mt9256 -
    mediatek mt9266 -
    mediatek mt9269 -
    mediatek mt9285 -
    mediatek mt9286 -
    mediatek mt9288 -
    mediatek mt9600 -
    mediatek mt9602 -
    mediatek mt9610 -
    mediatek mt9611 -
    mediatek mt9675 -
    mediatek mt9685 -
    mediatek mt9686 -
    mediatek mt9688 -
    mediatek mt9612 -
    mediatek mt9613 -
    mediatek mt9615 -
    mediatek mt9617 -
    mediatek mt9630 -
    mediatek mt9666 -