Vulnerabilities > CVE-2022-20108 - Out-of-bounds Write vulnerability in multiple products

CVSS 4.6 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

local

low complexity

google

linux

CWE-787

NVD

Published: 2022-05-03

Updated: 2022-05-12

Summary

In voice service, there is a possible out of bounds write due to a stack-based buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: DTV03330702; Issue ID: DTV03330702.

Vulnerable Configurations

Part	Description	Count
OS	Google Google Android 9.0 Google Android 10.0 Google Android 11.0	3
OS	Linux Linux Linux Kernel 4.9 Linux Linux Kernel 4.19	2
Hardware	Mediatek Mediatek Mt9629 - Mediatek Mt9631 - Mediatek Mt9632 - Mediatek Mt9636 - Mediatek Mt9638 - Mediatek Mt9639 - Mediatek Mt9650 - Mediatek Mt9652 - Mediatek Mt9669 - Mediatek Mt9670 - Mediatek Mt9011 - Mediatek Mt9215 - Mediatek Mt9216 - Mediatek Mt9220 - Mediatek Mt9221 - Mediatek Mt9255 - Mediatek Mt9256 - Mediatek Mt9266 - Mediatek Mt9269 - Mediatek Mt9285 - Mediatek Mt9286 - Mediatek Mt9288 - Mediatek Mt9600 - Mediatek Mt9602 - Mediatek Mt9610 - Mediatek Mt9611 - Mediatek Mt9675 - Mediatek Mt9685 - Mediatek Mt9686 - Mediatek Mt9688 - Mediatek Mt9612 - Mediatek Mt9613 - Mediatek Mt9615 - Mediatek Mt9617 - Mediatek Mt9630 - Mediatek Mt9666 -	36

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

References

https://corp.mediatek.com/product-security-bulletin/May-2022