CVE-2022-26438

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2022-26438
In wifi driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220420013; Issue ID: GN20220420013.

6.7 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://corp.mediatek.com/product-security-bulletin/August-2022 Vendor Advisory
https://corp.mediatek.com/product-security-bulletin/August-2022 Vendor Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:mediatek:mt7603_firmware:7.6.2.3:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt7603:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:mediatek:mt7610_firmware:7.6.2.3:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt7610:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:mediatek:mt7612_firmware:7.6.2.3:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt7612:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:mediatek:mt7613_firmware:7.6.2.3:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt7613:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:mediatek:mt7615_firmware:7.6.2.3:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt7615:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:mediatek:mt7620_firmware:7.6.2.3:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt7620:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:mediatek:mt7622_firmware:7.6.2.3:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt7622:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:mediatek:mt7628_firmware:7.6.2.3:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt7628:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:mediatek:mt7629_firmware:7.6.2.3:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt7629:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:mediatek:mt7915_firmware:7.6.2.3:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt7915:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND
cpe:2.3:o:mediatek:mt7916_firmware:7.6.2.3:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt7916:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND
cpe:2.3:o:mediatek:mt7986_firmware:7.6.2.3:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt7986:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND
cpe:2.3:o:mediatek:mt8981_firmware:7.6.2.3:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8981:-:*:*:*:*:*:*:*
History

21 Nov 2024, 06:53

Type Values Removed Values Added
References () https://corp.mediatek.com/product-security-bulletin/August-2022 - Vendor Advisory () https://corp.mediatek.com/product-security-bulletin/August-2022 - Vendor Advisory

05 Aug 2022, 03:44

Type Values Removed Values Added
CWE CWE-787
References (MISC) https://corp.mediatek.com/product-security-bulletin/August-2022 - (MISC) https://corp.mediatek.com/product-security-bulletin/August-2022 - Vendor Advisory
CPE cpe:2.3:h:mediatek:mt7986:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt7915:-:*:*:*:*:*:*:*
cpe:2.3:o:mediatek:mt8981_firmware:7.6.2.3:*:*:*:*:*:*:*
cpe:2.3:o:mediatek:mt7622_firmware:7.6.2.3:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt7629:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt7610:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt7612:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8981:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt7613:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt7628:-:*:*:*:*:*:*:*
cpe:2.3:o:mediatek:mt7612_firmware:7.6.2.3:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt7916:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt7620:-:*:*:*:*:*:*:*
cpe:2.3:o:mediatek:mt7610_firmware:7.6.2.3:*:*:*:*:*:*:*
cpe:2.3:o:mediatek:mt7915_firmware:7.6.2.3:*:*:*:*:*:*:*
cpe:2.3:o:mediatek:mt7620_firmware:7.6.2.3:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt7615:-:*:*:*:*:*:*:*
cpe:2.3:o:mediatek:mt7629_firmware:7.6.2.3:*:*:*:*:*:*:*
cpe:2.3:o:mediatek:mt7916_firmware:7.6.2.3:*:*:*:*:*:*:*
cpe:2.3:o:mediatek:mt7986_firmware:7.6.2.3:*:*:*:*:*:*:*
cpe:2.3:o:mediatek:mt7603_firmware:7.6.2.3:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt7622:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt7603:-:*:*:*:*:*:*:*
cpe:2.3:o:mediatek:mt7628_firmware:7.6.2.3:*:*:*:*:*:*:*
cpe:2.3:o:mediatek:mt7615_firmware:7.6.2.3:*:*:*:*:*:*:*
cpe:2.3:o:mediatek:mt7613_firmware:7.6.2.3:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 6.7

01 Aug 2022, 14:32

Type Values Removed Values Added
New CVE
Information

Published : 2022-08-01 14:15

Updated : 2024-11-21 06:53

NVD link : CVE-2022-26438

Mitre link : CVE-2022-26438

CVE.ORG link : CVE-2022-26438

JSON object : View

Products Affected

mediatek

  • mt7622
  • mt7603_firmware
  • mt8981
  • mt7986_firmware
  • mt7613_firmware
  • mt7612
  • mt7610
  • mt7622_firmware
  • mt7615_firmware
  • mt7628_firmware
  • mt7615
  • mt7915
  • mt7620
  • mt7613
  • mt7915_firmware
  • mt7916_firmware
  • mt7916
  • mt7986
  • mt8981_firmware
  • mt7610_firmware
  • mt7628
  • mt7629_firmware
  • mt7603
  • mt7620_firmware
  • mt7612_firmware
  • mt7629
CWE
CWE-787

Out-of-bounds Write