CVE-2022-20047 - OpenCVE

In video decoder, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05917489; Issue ID: ALPS05917489.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:L/AC:L/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Mediatek	Mt6893 Mt9901 Mt9980 Mt5835 Mt9950 Mt9970 Mt9969 Mt9900 Mt5816 Mt6885
Google	Android

Configuration 1 [-]

AND

OR	cpe:2.3:o:google:android:10.0:::::::*
	cpe:2.3:o:google:android:11.0:::::::*
	cpe:2.3:o:google:android:12.0:::::::*

OR	cpe:2.3:h:mediatek:mt5816:-:::::::*
	cpe:2.3:h:mediatek:mt5835:-:::::::*
	cpe:2.3:h:mediatek:mt6885:-:::::::*
	cpe:2.3:h:mediatek:mt6893:-:::::::*
	cpe:2.3:h:mediatek:mt9900:-:::::::*
	cpe:2.3:h:mediatek:mt9901:-:::::::*
	cpe:2.3:h:mediatek:mt9950:-:::::::*
	cpe:2.3:h:mediatek:mt9969:-:::::::*
	cpe:2.3:h:mediatek:mt9970:-:::::::*
	cpe:2.3:h:mediatek:mt9980:-:::::::*

References

Link	Resource
https://corp.mediatek.com/product-security-bulletin/March-2022	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: MediaTek

Published: 2022-03-09T17:02:08

Updated: 2022-03-09T17:02:08

Reserved: 2021-10-12T00:00:00

Link: CVE-2022-20047

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-03-10T17:45:02.267

Modified: 2022-03-15T18:40:52.517

Link: CVE-2022-20047

JSON object: View

Redhat Information

No data.

CWE

CWE-787

{"containers": {"cna": {"affected": [{"product": "MT5816, MT5835, MT6885, MT6893, MT9900, MT9901, MT9950, MT9969, MT9970, MT9980", "vendor": "MediaTek, Inc.", "versions": [{"status": "affected", "version": "Android 10.0, 11.0, 12.0"}]}], "descriptions": [{"lang": "en", "value": "In video decoder, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05917489; Issue ID: ALPS05917489."}], "problemTypes": [{"descriptions": [{"description": "Elevation of Privilege", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-03-09T17:02:08", "orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374", "shortName": "MediaTek"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://corp.mediatek.com/product-security-bulletin/March-2022"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@mediatek.com", "ID": "CVE-2022-20047", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "MT5816, MT5835, MT6885, MT6893, MT9900, MT9901, MT9950, MT9969, MT9970, MT9980", "version": {"version_data": [{"version_value": "Android 10.0, 11.0, 12.0"}]}}]}, "vendor_name": "MediaTek, Inc."}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In video decoder, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05917489; Issue ID: ALPS05917489."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Elevation of Privilege"}]}]}, "references": {"reference_data": [{"name": "https://corp.mediatek.com/product-security-bulletin/March-2022", "refsource": "MISC", "url": "https://corp.mediatek.com/product-security-bulletin/March-2022"}]}}}}, "cveMetadata": {"assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374", "assignerShortName": "MediaTek", "cveId": "CVE-2022-20047", "datePublished": "2022-03-09T17:02:08", "dateReserved": "2021-10-12T00:00:00", "dateUpdated": "2022-03-09T17:02:08", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "D558D965-FA70-4822-A770-419E73BA9ED3", "vulnerable": true}, {"criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64", "vulnerable": true}, {"criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", "matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:mediatek:mt5816:-:*:*:*:*:*:*:*", "matchCriteriaId": "B68EA99F-5323-4167-9DF9-D677BCA37A22", "vulnerable": false}, {"criteria": "cpe:2.3:h:mediatek:mt5835:-:*:*:*:*:*:*:*", "matchCriteriaId": "63B93DFF-3D39-42DD-B6EB-3E3172F25A93", "vulnerable": false}, {"criteria": "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", "matchCriteriaId": "DD64413C-C774-4C4F-9551-89E1AA9469EE", "vulnerable": false}, {"criteria": "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*", "matchCriteriaId": "213B5C7F-D965-4312-9CDF-4F06FA77D401", "vulnerable": false}, {"criteria": "cpe:2.3:h:mediatek:mt9900:-:*:*:*:*:*:*:*", "matchCriteriaId": "E4A720E3-FF7F-4607-998D-EBD23F38A2DA", "vulnerable": false}, {"criteria": "cpe:2.3:h:mediatek:mt9901:-:*:*:*:*:*:*:*", "matchCriteriaId": "0F433EC9-C9F5-40D4-9EBB-219295EC1978", "vulnerable": false}, {"criteria": "cpe:2.3:h:mediatek:mt9950:-:*:*:*:*:*:*:*", "matchCriteriaId": "31E0E580-A76F-4CFA-BFF2-0F7540C63C3C", "vulnerable": false}, {"criteria": "cpe:2.3:h:mediatek:mt9969:-:*:*:*:*:*:*:*", "matchCriteriaId": "2B14AF01-D1D9-483B-9D10-2697A08FFA8F", "vulnerable": false}, {"criteria": "cpe:2.3:h:mediatek:mt9970:-:*:*:*:*:*:*:*", "matchCriteriaId": "961C13C3-2C3D-46B1-A618-D45920EC5E95", "vulnerable": false}, {"criteria": "cpe:2.3:h:mediatek:mt9980:-:*:*:*:*:*:*:*", "matchCriteriaId": "16B4C37E-B6CA-4176-B98D-E1C9E66472EA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "In video decoder, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05917489; Issue ID: ALPS05917489."}, {"lang": "es", "value": "En video decoder, es posible que sea producida una escritura fuera de l\u00edmites debido a una falta de comprobaci\u00f3n de los l\u00edmites. Esto podr\u00eda conllevar a una escalada local de privilegios sin ser necesarios privilegios de ejecuci\u00f3n adicionales. No es requerida una interacci\u00f3n del usuario para su explotaci\u00f3n. ID del parche: ALPS05917489; ID de Incidencia: ALPS05917489"}], "id": "CVE-2022-20047", "lastModified": "2022-03-15T18:40:52.517", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-03-10T17:45:02.267", "references": [{"source": "security@mediatek.com", "tags": ["Vendor Advisory"], "url": "https://corp.mediatek.com/product-security-bulletin/March-2022"}], "sourceIdentifier": "security@mediatek.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}