The MediaTek Product Security Bulletin contains details of security vulnerabilities affecting MediaTek Smartphone, Tablet, AIoT, Smart display, Smart platform, OTT and TV chipsets. Device OEMs have been notified of all the issues and the corresponding security patches for at least two months before publication.
The severity of the identified vulnerabilities was conducted based on the Common Vulnerability Scoring System version 3.1 (CVSS v3.1).
The severity of the identified vulnerabilities was conducted based on the Common Vulnerability Scoring System version 3.1 (CVSS v3.1).
Summary
Details
| CVE | CVE-2022-26447 |
|---|---|
| Title | Improper input validation in BT firmware |
| Severity | High |
| Vulnerability Type | RCE |
| CWE | CWE-20 Improper Input Validation |
| Description | In BT firmware, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT6580, MT6735, MT6737, MT6739, MT6750S, MT6753, MT6755S, MT6757, MT6757C, MT6757CD, MT6757CH, MT6763, MT6771, MT8163, MT8167, MT8167S, MT8173, MT8183, MT8321, MT8362A, MT8385, MT8518, MT8532, MT8765, MT8788 |
| Affected Software Versions | Android 10.0, 11.0, 12.0 and Yocto 3.1 |
| CVE | CVE-2022-26448 |
|---|---|
| Title | Improper input validation in apusys |
| Severity | Medium |
| Vulnerability Type | EoP |
| CWE | CWE-20 Improper Input Validation |
| Description | In apusys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT6853T, MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893 |
| Affected Software Versions | Android 11.0, 12.0 |
| CVE | CVE-2022-26449 |
|---|---|
| Title | Improper input validation in apusys |
| Severity | Medium |
| Vulnerability Type | EoP |
| CWE | CWE-20 Improper Input Validation |
| Description | In apusys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT6879, MT6895, MT6983 |
| Affected Software Versions | Android 12.0 |
| CVE | CVE-2022-26450 |
|---|---|
| Title | Concurrent execution using shared resource with improper synchronization ('race condition') in apusys |
| Severity | Medium |
| Vulnerability Type | EoP |
| CWE | CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') |
| Description | In apusys, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT6879, MT6895, MT6983 |
| Affected Software Versions | Android 12.0 |
| CVE | CVE-2022-26451 |
|---|---|
| Title | Improper synchronization in ged |
| Severity | Medium |
| Vulnerability Type | EoP |
| CWE | CWE-662 Improper Synchronization |
| Description | In ged, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT6789, MT6855, MT6879, MT6895, MT6983, MT8168, MT8365 |
| Affected Software Versions | Android 12.0 |
| CVE | CVE-2022-26453 |
|---|---|
| Title | Use after free in teei |
| Severity | Medium |
| Vulnerability Type | EoP |
| CWE | CWE-416 Use After Free |
| Description | In teei, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT6761, MT6765, MT6768, MT6771, MT6779, MT6781, MT6785, MT6833, MT6853, MT6875, MT6877, MT6879, MT6885, MT6893, MT6895, MT6983 |
| Affected Software Versions | Android 11.0, 12.0 |
| CVE | CVE-2022-26454 |
|---|---|
| Title | Integer overflow or wraparound in teei |
| Severity | Medium |
| Vulnerability Type | EoP |
| CWE | CWE-190 Integer Overflow or Wraparound |
| Description | In teei, there is a possible memory corruption due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT6761, MT6765, MT6768, MT6771, MT6779, MT6781, MT6785, MT6833, MT6853, MT6875, MT6877, MT6879, MT6885, MT6893, MT6895, MT6983 |
| Affected Software Versions | Android 11.0, 12.0 |
| CVE | CVE-2022-26455 |
|---|---|
| Title | Improper handling of exceptional conditions in gz |
| Severity | Medium |
| Vulnerability Type | EoP |
| CWE | CWE-755 Improper Handling of Exceptional Conditions |
| Description | In gz, there is a possible memory corruption due to incorrect error handling. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT6789, MT6855, MT6879, MT6895, MT6983 |
| Affected Software Versions | Android 12.0 |
| CVE | CVE-2022-26456 |
|---|---|
| Title | Unix symbolic link (symlink) following in vow |
| Severity | Medium |
| Vulnerability Type | ID |
| CWE | CWE-61 UNIX Symbolic Link (Symlink) Following |
| Description | In vow, there is a possible information disclosure due to a symbolic link following. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT6769, MT6781, MT6785, MT6789, MT6833, MT6853, MT6855, MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT6983, MT8185, MT8789, MT8791, MT8797 |
| Affected Software Versions | Android 11.0 |
| CVE | CVE-2022-26457 |
|---|---|
| Title | Improper input validation in vow |
| Severity | Medium |
| Vulnerability Type | EoP |
| CWE | CWE-20 Improper Input Validation |
| Description | In vow, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT6769, MT6781, MT6785, MT6833, MT6855, MT6877, MT6879, MT6893, MT6983, MT8791, MT8797 |
| Affected Software Versions | Android 11.0, 12.0 |
| CVE | CVE-2022-26458 |
|---|---|
| Title | Improper input validation in vow |
| Severity | Medium |
| Vulnerability Type | EoP |
| CWE | CWE-20 Improper Input Validation |
| Description | In vow, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT6853, MT6855, MT6873, MT6877, MT6883, MT6885, MT6893, MT6895, MT6983, MT8791, MT8797 |
| Affected Software Versions | Android 11.0, 12.0 |
| CVE | CVE-2022-26459 |
|---|---|
| Title | Integer overflow or wraparound in vow |
| Severity | Medium |
| Vulnerability Type | ID |
| CWE | CWE-190 Integer Overflow or Wraparound |
| Description | In vow, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT6833, MT6853, MT6855, MT6873, MT6877, MT6879, MT6883, MT6885, MT6889, MT6893, MT6895, MT6983, MT8791, MT8797 |
| Affected Software Versions | Android 11.0, 12.0 |
| CVE | CVE-2022-26460 |
|---|---|
| Title | Improper input validation in vow |
| Severity | Medium |
| Vulnerability Type | EoP |
| CWE | CWE-20 Improper Input Validation |
| Description | In vow, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT6833, MT6853, MT6855, MT6873, MT6877, MT6879, MT6883, MT6885, MT6889, MT6893, MT6895, MT6983, MT8791, MT8797 |
| Affected Software Versions | Android 11.0, 12.0 |
| CVE | CVE-2022-26461 |
|---|---|
| Title | Undefined behavior for input to api in vow |
| Severity | Medium |
| Vulnerability Type | EoP |
| CWE | CWE-475 Undefined Behavior for Input to API |
| Description | In vow, there is a possible undefined behavior due to an API misuse. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT6833, MT6853, MT6855, MT6873, MT6877, MT6879, MT6883, MT6885, MT6889, MT6893, MT6895, MT6983, MT8791, MT8797 |
| Affected Software Versions | Android 11.0, 12.0 |
| CVE | CVE-2022-26462 |
|---|---|
| Title | Improper input validation in vow |
| Severity | Medium |
| Vulnerability Type | ID |
| CWE | CWE-20 Improper Input Validation |
| Description | In vow, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT6833, MT6853, MT6855, MT6873, MT6877, MT6879, MT6883, MT6885, MT6889, MT6893, MT6895, MT6983, MT8791, MT8797 |
| Affected Software Versions | Android 11.0, 12.0 |
| CVE | CVE-2022-26463 |
|---|---|
| Title | Improper input validation in vow |
| Severity | Medium |
| Vulnerability Type | ID |
| CWE | CWE-20 Improper Input Validation |
| Description | In vow, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT6833, MT6853, MT6855, MT6873, MT6877, MT6879, MT6883, MT6885, MT6889, MT6893, MT6895, MT6983, MT8791, MT8797 |
| Affected Software Versions | Android 11.0, 12.0 |
| CVE | CVE-2022-26464 |
|---|---|
| Title | Improper input validation in vow |
| Severity | Medium |
| Vulnerability Type | EoP |
| CWE | CWE-20 Improper Input Validation |
| Description | In vow, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT6833, MT6853, MT6855, MT6873, MT6877, MT6879, MT6883, MT6885, MT6889, MT6893, MT6895, MT6983, MT8791, MT8797 |
| Affected Software Versions | Android 11.0, 12.0 |
| CVE | CVE-2022-26465 |
|---|---|
| Title | Improper input validation in audio ipi |
| Severity | Medium |
| Vulnerability Type | EoP |
| CWE | CWE-20 Improper Input Validation |
| Description | In audio ipi, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT6779, MT6781, MT6785, MT6853, MT6853T, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6889, MT6893, MT6895, MT6983, MT8512A, MT8518, MT8791, MT8797, MT8798 |
| Affected Software Versions | Android 11.0, 12.0 and Yocto 3.1 |
| CVE | CVE-2022-26466 |
|---|---|
| Title | Integer overflow or wraparound in audio ipi |
| Severity | Medium |
| Vulnerability Type | EoP |
| CWE | CWE-190 Integer Overflow or Wraparound |
| Description | In audio ipi, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT6779, MT6781, MT6785, MT6853, MT6853T, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6889, MT6893, MT6895, MT6983, MT8512A, MT8518, MT8519_M1V1, MT8519_P1V1, MT8791, MT8797, MT8798 |
| Affected Software Versions | Android 11.0, 12.0 and Yocto 3.1 |
| CVE | CVE-2022-26467 |
|---|---|
| Title | Improper input validation in rpmb |
| Severity | Medium |
| Vulnerability Type | EoP |
| CWE | CWE-20 Improper Input Validation |
| Description | In rpmb, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT6580, MT6735, MT6737, MT6739, MT6753, MT6761, MT6765, MT6768, MT6771, MT6779, MT6781, MT6785, MT6833, MT6853, MT6853T, MT6855, MT6873, MT6877, MT6879, MT6883, MT6885, MT6889, MT6893, MT6895, MT6983, MT8168, MT8183, MT8321, MT8365, MT8385, MT8666, MT8675, MT8765, MT8768, MT8786, MT8788, MT8797 |
| Affected Software Versions | Android 11.0, 12.0 |
| CVE | CVE-2022-26468 |
|---|---|
| Title | Improper input validation in preloader (usb) |
| Severity | Medium |
| Vulnerability Type | EoP |
| CWE | CWE-20 Improper Input Validation |
| Description | In preloader (usb), there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, for an attacker who has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. |
| Affected Chipsets | MT6735, MT6739, MT6761, MT6763, MT6765, MT6768, MT6771, MT6779, MT6781, MT6785, MT6833, MT6853, MT6855, MT6873, MT6877, MT6879, MT6885, MT6893, MT6895, MT6983, MT8163, MT8167, MT8167S, MT8168, MT8173, MT8175, MT8183, MT8185, MT8321, MT8362A, MT8365, MT8385, MT8666, MT8667, MT8675, MT8735A, MT8735B, MT8765, MT8766, MT8768, MT8786, MT8788, MT8789, MT8797 |
| Affected Software Versions | Android 11.0, 12.0 |
| CVE | CVE-2022-26469 |
|---|---|
| Title | Use of externally-controlled input to select classes or code ('unsafe reflection') in MtkEmail |
| Severity | Medium |
| Vulnerability Type | EoP |
| CWE | CWE-470 Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') |
| Description | In MtkEmail, there is a possible escalation of privilege due to fragment injection. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT6580, MT6735, MT6737, MT6739, MT6761, MT6765, MT6768, MT6771, MT6779, MT6781, MT6785, MT6833, MT6853, MT6855, MT6873, MT6877, MT6879, MT6883, MT6885, MT6889, MT6895, MT6983, MT8167, MT8167S, MT8168, MT8173, MT8175, MT8185, MT8321, MT8362A, MT8365, MT8385, MT8666, MT8675, MT8765, MT8766, MT8768, MT8786, MT8788, MT8789, MT8791, MT8797 |
| Affected Software Versions | Android 11.0, 12.0 |
| CVE | CVE-2022-26470 |
|---|---|
| Title | Improper input validation in aie |
| Severity | Medium |
| Vulnerability Type | EoP |
| CWE | CWE-20 Improper Input Validation |
| Description | In aie, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT6879, MT6895, MT6983, MT8321, MT8385, MT8765, MT8766, MT8768, MT8786, MT8788, MT8789 |
| Affected Software Versions | Android 12.0 |
Vulnerability Type Definition
| Abbreviation | Definition |
|---|---|
| RCE | Remote Code Execution |
| EoP | Elevation of Privilege |
| ID | Information Disclosure |
| DoS | Denial of Service |
| N/A | Classification not available |
Versions
| Version | Date | Description |
| 1.0 | September 5, 2022 | Bulletin published. |
Notes
Information above is generated only at the time of creation of this Security Bulletin. The list of affected chipsets could be not complete. For any further information, device OEMs can reach your MediaTek contact person if needed.
If you want to report a security vulnerability in MediaTek chipsets or products, please go to Report Security Vulnerability page on MediaTek website.
If you want to report a security vulnerability in MediaTek chipsets or products, please go to Report Security Vulnerability page on MediaTek website.