Summaryinfo

A vulnerability classified as critical has been found in MediaTek MT6833, MT6853, MT6855, MT6873, MT6877, MT6893 and MT8791. This affects an unknown part of the component isp. The manipulation leads to out-of-bounds write. This vulnerability is uniquely identified as CVE-2022-32628. The attack needs to be approached locally. There is no exploit available. It is recommended to apply a patch to fix this issue. If you want to get best quality of vulnerability data, you may have to visit VulDB.

Detailsinfo

A vulnerability was found in MediaTek MT6833, MT6853, MT6855, MT6873, MT6877, MT6893 and MT8791 (Chip Software). It has been rated as critical. Affected by this issue is some unknown functionality of the component isp. The manipulation with an unknown input leads to a out-of-bounds write vulnerability. Using CWE to declare the problem leads to CWE-787. The product writes data past the end, or before the beginning, of the intended buffer. Impacted is confidentiality, integrity, and availability. CVE summarizes:

In isp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07310780; Issue ID: ALPS07310780.

The weakness was shared 12/06/2022 as ALPS07310780. The advisory is available at corp.mediatek.com. This vulnerability is handled as CVE-2022-32628 since 06/09/2022. The technical details are unknown and an exploit is not available.

Applying the patch ALPS07310780 is able to eliminate this problem.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Productinfo

Type

• Chip Software

Vendor

• MediaTek

Name

• MT6833
• MT6853
• MT6855
• MT6873
• MT6877
• MT6893
• MT8791

License

• commercial

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion