In atf (spm), there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS06171715; Issue ID: ALPS06171715.
References
| Link | Resource |
|---|---|
| https://corp.mediatek.com/product-security-bulletin/April-2022 | Vendor Advisory |
| https://corp.mediatek.com/product-security-bulletin/April-2022 | Vendor Advisory |
Configurations
Configuration 1 (hide)
| AND |
|
History
21 Nov 2024, 06:42
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://corp.mediatek.com/product-security-bulletin/April-2022 - Vendor Advisory |
15 Apr 2022, 03:43
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:o:google:android:9.0:*:*:*:*:*:*:* cpe:2.3:h:mediatek:mt8788:-:*:*:*:*:*:*:* cpe:2.3:h:mediatek:mt8385:-:*:*:*:*:*:*:* cpe:2.3:h:mediatek:mt8666:-:*:*:*:*:*:*:* cpe:2.3:h:mediatek:mt8667:-:*:*:*:*:*:*:* cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:* cpe:2.3:h:mediatek:mt8766:-:*:*:*:*:*:*:* cpe:2.3:h:mediatek:mt8786:-:*:*:*:*:*:*:* cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:* |
|
| References | (MISC) https://corp.mediatek.com/product-security-bulletin/April-2022 - Vendor Advisory | |
| CVSS |
v2 : v3 : |
v2 : 6.9
v3 : 6.5 |
| CWE | CWE-787 |
11 Apr 2022, 20:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2022-04-11 20:15
Updated : 2024-11-21 06:42
NVD link : CVE-2022-20063
Mitre link : CVE-2022-20063
CVE.ORG link : CVE-2022-20063
JSON object : View
Products Affected
mediatek
- mt6765
- mt8766
- mt8667
- mt8786
- mt8666
- mt8788
- mt8385
- android
CWE
CWE-787
Out-of-bounds Write