Description

In preloader (usb), there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, for an attacker who has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS06160806; Issue ID: ALPS06160820.

Related CPE's

o

google

android

3

h

mediatek

mt6761

-

h

mediatek

mt6762

-

h

mediatek

mt6765

-

h

mediatek

mt6768

-

h

mediatek

mt6771

-

h

mediatek

mt6779

-

h

mediatek

mt6781

-

h

mediatek

mt6785

-

h

mediatek

mt6833

-

h

mediatek

mt6853

-

h

mediatek

mt6853t

-

h

mediatek

mt6873

-

h

mediatek

mt6877

-

h

mediatek

mt6885

-

h

mediatek

mt6893

-

h

mediatek

mt8183

-

h

mediatek

mt8185

-

h

mediatek

mt8321

-

h

mediatek

mt8385

-

h

mediatek

mt8666

-

h

mediatek

mt8667

-

h

mediatek

mt8675

-

h

mediatek

mt8735a

-

h

mediatek

mt8735b

-

h

mediatek

mt8765

-

h

mediatek

mt8766

-

h

mediatek

mt8768

-

h

mediatek

mt8786

-

h

mediatek

mt8788

-

h

mediatek

mt8789

-

h

mediatek

mt8791

-

h

mediatek

mt8797

-

References

https://corp.mediatek.com/product-security-bulletin/March-2022

Vendor Advisory

Weaknesses

[email protected]

Primary
CWE-787

CVSS impact metrics

CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

6.6 · Medium

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2022-03-10T17:45:05.983

3 years ago

Last modified

2022-03-18T01:09:29.063

3 years ago