CVE-2022-20082

In GPU, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07044730; Issue ID: ALPS07044730.

CVSS v3 7.0 HIGH
CVSS v2.0 6.9 MEDIUM

7.0^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.0 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

6.9^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:L/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 3.4 / Impact : 10.0

Access Vector LOCAL

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
https://corp.mediatek.com/product-security-bulletin/July-2022	Vendor Advisory
https://corp.mediatek.com/product-security-bulletin/July-2022	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:o:google:android:10.0:::::::*
	cpe:2.3:o:google:android:11.0:::::::*
	cpe:2.3:o:google:android:12.0:::::::*

OR	cpe:2.3:h:mediatek:mt6768:-:::::::*
	cpe:2.3:h:mediatek:mt6769:-:::::::*
	cpe:2.3:h:mediatek:mt6781:-:::::::*
	cpe:2.3:h:mediatek:mt6785:-:::::::*
	cpe:2.3:h:mediatek:mt6789:-:::::::*
	cpe:2.3:h:mediatek:mt6833:-:::::::*
	cpe:2.3:h:mediatek:mt6853:-:::::::*
	cpe:2.3:h:mediatek:mt6853t:-:::::::*
	cpe:2.3:h:mediatek:mt6873:-:::::::*
	cpe:2.3:h:mediatek:mt6875:-:::::::*
	cpe:2.3:h:mediatek:mt6877:-:::::::*
	cpe:2.3:h:mediatek:mt6879:-:::::::*
	cpe:2.3:h:mediatek:mt6883:-:::::::*
	cpe:2.3:h:mediatek:mt6885:-:::::::*
	cpe:2.3:h:mediatek:mt6889:-:::::::*
	cpe:2.3:h:mediatek:mt6893:-:::::::*
	cpe:2.3:h:mediatek:mt6895:-:::::::*
	cpe:2.3:h:mediatek:mt6983:-:::::::*

History

21 Nov 2024, 06:42

Type	Values Removed	Values Added
References	~~() https://corp.mediatek.com/product-security-bulletin/July-2022 - Vendor Advisory~~	() https://corp.mediatek.com/product-security-bulletin/July-2022 - Vendor Advisory

14 Jul 2022, 01:22

Type	Values Removed	Values Added
CWE		CWE-362
References	~~(MISC) https://corp.mediatek.com/product-security-bulletin/July-2022 -~~	(MISC) https://corp.mediatek.com/product-security-bulletin/July-2022 - Vendor Advisory
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : 6.9 v3 : 7.0
CPE		cpe:2.3:h:mediatek:mt6983:-:::::::* cpe:2.3:h:mediatek:mt6781:-:::::::* cpe:2.3:h:mediatek:mt6833:-:::::::* cpe:2.3:h:mediatek:mt6875:-:::::::* cpe:2.3:h:mediatek:mt6768:-:::::::* cpe:2.3:h:mediatek:mt6769:-:::::::* cpe:2.3:h:mediatek:mt6895:-:::::::* cpe:2.3:o:google:android:12.0:::::::* cpe:2.3:o:google:android:11.0:::::::* cpe:2.3:h:mediatek:mt6877:-:::::::* cpe:2.3:h:mediatek:mt6889:-:::::::* cpe:2.3:h:mediatek:mt6853:-:::::::* cpe:2.3:h:mediatek:mt6853t:-:::::::* cpe:2.3:h:mediatek:mt6893:-:::::::* cpe:2.3:h:mediatek:mt6789:-:::::::* cpe:2.3:h:mediatek:mt6883:-:::::::* cpe:2.3:h:mediatek:mt6879:-:::::::* cpe:2.3:o:google:android:10.0:::::::* cpe:2.3:h:mediatek:mt6885:-:::::::* cpe:2.3:h:mediatek:mt6873:-:::::::* cpe:2.3:h:mediatek:mt6785:-:::::::*

06 Jul 2022, 14:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2022-07-06 14:15

Updated : 2024-11-21 06:42

NVD link : CVE-2022-20082

Mitre link : CVE-2022-20082

CVE.ORG link : CVE-2022-20082

JSON object : View

Products Affected

mediatek

mt6833
mt6879
mt6889
mt6895
mt6883
mt6893
mt6853
mt6785
mt6983
mt6769
mt6768
mt6789
mt6873
mt6781
mt6875
mt6885
mt6877
mt6853t

google

android

CWE

CWE-362

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

7.0 /10