CVE-2022-26449 - OpenCVE

In apusys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07177810; Issue ID: ALPS07177810.

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Mediatek	Mt6983 Mt6895 Mt6879
Google	Android

Configuration 1 [-]

AND

cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*

OR	cpe:2.3:h:mediatek:mt6879:-:::::::*
	cpe:2.3:h:mediatek:mt6895:-:::::::*
	cpe:2.3:h:mediatek:mt6983:-:::::::*

References

Link	Resource
https://corp.mediatek.com/product-security-bulletin/September-2022	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: MediaTek

Published: 2022-09-06T17:19:04

Updated: 2022-09-06T17:19:04

Reserved: 2022-03-04T00:00:00

Link: CVE-2022-26449

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-09-06T18:15:11.690

Modified: 2022-09-09T04:35:17.530

Link: CVE-2022-26449

JSON object: View

Redhat Information

No data.

CWE

CWE-787

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", "matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*", "matchCriteriaId": "704BE5CE-AE08-4432-A8B0-4C8BD62148AD", "vulnerable": false}, {"criteria": "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", "matchCriteriaId": "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB", "vulnerable": false}, {"criteria": "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", "matchCriteriaId": "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "In apusys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07177810; Issue ID: ALPS07177810."}, {"lang": "es", "value": "En apusys, es posible que se produzca una escritura fuera de l\u00edmites debido a una falta de comprobaci\u00f3n de l\u00edmites. Esto podr\u00eda conllevar a una escalada de privilegios local con privilegios de ejecuci\u00f3n System requeridos. No es requerida una interacci\u00f3n del usuario para su explotaci\u00f3n. ID del Parche: ALPS07177810; ID de Incidencia: ALPS07177810.\n"}], "id": "CVE-2022-26449", "lastModified": "2022-09-09T04:35:17.530", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-09-06T18:15:11.690", "references": [{"source": "security@mediatek.com", "tags": ["Vendor Advisory"], "url": "https://corp.mediatek.com/product-security-bulletin/September-2022"}], "sourceIdentifier": "security@mediatek.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}