In BT firmware, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06784478; Issue ID: ALPS06784478.
References
Link | Resource |
---|---|
https://corp.mediatek.com/product-security-bulletin/September-2022 | Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
History
08 Aug 2023, 14:21
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-787 |
09 Sep 2022, 04:36
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://corp.mediatek.com/product-security-bulletin/September-2022 - Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
First Time |
Mediatek mt8788
Mediatek mt8173 Mediatek mt6753 Mediatek mt6755s Mediatek mt8532 Mediatek mt8321 Yoctoproject Mediatek mt6757cd Mediatek mt6750s Mediatek mt8183 Mediatek mt8765 Mediatek mt8167s Mediatek mt8167 Mediatek mt6771 Mediatek mt8385 Yoctoproject yocto Mediatek Mediatek mt6735 Mediatek mt6757c Mediatek mt8163 Mediatek mt6757 Google android Mediatek mt6737 Mediatek mt6739 Mediatek mt8518 Mediatek mt6763 Mediatek mt6757ch Mediatek mt8362a Mediatek mt6580 |
|
CWE | CWE-20 | |
CPE | cpe:2.3:h:mediatek:mt6757:-:*:*:*:*:*:*:* cpe:2.3:h:mediatek:mt8321:-:*:*:*:*:*:*:* cpe:2.3:h:mediatek:mt8518:-:*:*:*:*:*:*:* cpe:2.3:h:mediatek:mt8173:-:*:*:*:*:*:*:* cpe:2.3:h:mediatek:mt8167s:-:*:*:*:*:*:*:* cpe:2.3:h:mediatek:mt8183:-:*:*:*:*:*:*:* cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:* cpe:2.3:h:mediatek:mt8532:-:*:*:*:*:*:*:* cpe:2.3:h:mediatek:mt6739:-:*:*:*:*:*:*:* cpe:2.3:h:mediatek:mt6750s:-:*:*:*:*:*:*:* cpe:2.3:h:mediatek:mt8788:-:*:*:*:*:*:*:* cpe:2.3:h:mediatek:mt6755s:-:*:*:*:*:*:*:* cpe:2.3:h:mediatek:mt8167:-:*:*:*:*:*:*:* cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:* cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:* cpe:2.3:h:mediatek:mt6757c:-:*:*:*:*:*:*:* cpe:2.3:h:mediatek:mt6757ch:-:*:*:*:*:*:*:* cpe:2.3:h:mediatek:mt6737:-:*:*:*:*:*:*:* cpe:2.3:h:mediatek:mt6580:-:*:*:*:*:*:*:* cpe:2.3:h:mediatek:mt8385:-:*:*:*:*:*:*:* cpe:2.3:h:mediatek:mt6771:-:*:*:*:*:*:*:* cpe:2.3:h:mediatek:mt8765:-:*:*:*:*:*:*:* cpe:2.3:o:yoctoproject:yocto:3.1:*:*:*:*:*:*:* cpe:2.3:h:mediatek:mt6763:-:*:*:*:*:*:*:* cpe:2.3:h:mediatek:mt8163:-:*:*:*:*:*:*:* cpe:2.3:h:mediatek:mt8362a:-:*:*:*:*:*:*:* cpe:2.3:h:mediatek:mt6757cd:-:*:*:*:*:*:*:* cpe:2.3:h:mediatek:mt6753:-:*:*:*:*:*:*:* cpe:2.3:h:mediatek:mt6735:-:*:*:*:*:*:*:* |
06 Sep 2022, 18:50
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-09-06 18:15
Updated : 2023-12-10 14:35
NVD link : CVE-2022-26447
Mitre link : CVE-2022-26447
CVE.ORG link : CVE-2022-26447
JSON object : View
Products Affected
mediatek
- mt8163
- mt8788
- mt8183
- mt6737
- mt6757cd
- mt6771
- mt8167s
- mt6763
- mt6753
- mt6750s
- mt8532
- mt6735
- mt6757ch
- mt8765
- mt8518
- mt8321
- mt6755s
- mt8385
- mt6757
- mt8362a
- mt8167
- mt6739
- mt6757c
- mt8173
- mt6580
yoctoproject
- yocto
- android
CWE
CWE-787
Out-of-bounds Write