Details of VAR-202206-0211

ID

VAR-202206-0211

CVE

CVE-2022-21762

TITLE

Google of Android Integer overflow vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2022-010920

DESCRIPTION

In apusys driver, there is a possible system crash due to an integer overflow. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06477946; Issue ID: ALPS06477946. Google of Android Exists in an integer overflow vulnerability.Service operation interruption (DoS) It may be in a state. MediaTek Inc. is the world's fourth-largest foundry semiconductor company. It is in a leading position in the markets of mobile terminals, smart home applications, wireless connection technology and Internet of Things products, with approximately 1.5 billion units a year End products with built-in MediaTek chips are available all over the world. The vulnerability is caused by the fact that the apusys driver does not properly verify data boundaries when performing operations on memory

Trust: 2.25

sources: NVD: CVE-2022-21762 // JVNDB: JVNDB-2022-010920 // CNVD: CNVD-2022-88293 // VULMON: CVE-2022-21762

IOT TAXONOMY

category:

['IoT']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2022-88293

AFFECTED PRODUCTS

vendor:	google	model:	android	scope:	eq	version:	12.0	Trust: 1.8
vendor:	google	model:	android	scope:	-	version:	-	Trust: 0.8
vendor:	google	model:	android	scope:	eq	version:	-	Trust: 0.8
vendor:	mediatek	model:	mt6873 android12.0	scope:	-	version:	-	Trust: 0.6
vendor:	mediatek	model:	mt6875 android12.0	scope:	-	version:	-	Trust: 0.6
vendor:	mediatek	model:	mt6877 android12.0	scope:	-	version:	-	Trust: 0.6
vendor:	mediatek	model:	mt6883 android12.0	scope:	-	version:	-	Trust: 0.6
vendor:	mediatek	model:	mt6885 android12.0	scope:	-	version:	-	Trust: 0.6
vendor:	mediatek	model:	mt6889 android12.0	scope:	-	version:	-	Trust: 0.6
vendor:	mediatek	model:	mt6853 android12.0	scope:	-	version:	-	Trust: 0.6
vendor:	mediatek	model:	mt6893 android12.0	scope:	-	version:	-	Trust: 0.6
vendor:	mediatek	model:	mt6853t android12.0	scope:	-	version:	-	Trust: 0.6
vendor:	mediatek	model:	mt6891 android12.0	scope:	-	version:	-	Trust: 0.6
vendor:	mediatek	model:	mt9636 android12.0	scope:	-	version:	-	Trust: 0.6
vendor:	mediatek	model:	mt9638 android12.0	scope:	-	version:	-	Trust: 0.6
vendor:	mediatek	model:	mt9666 android12.0	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2022-88293 // JVNDB: JVNDB-2022-010920 // NVD: CVE-2022-21762

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-21762
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2022-21762
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2022-88293
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202206-615
value:	MEDIUM
Trust: 0.6
VULMON:	CVE-2022-21762
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2022-21762
severity:	MEDIUM
baseScore:	4.9
vectorString:	AV:L/AC:L/AU:N/C:N/I:N/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2022-88293
severity:	MEDIUM
baseScore:	4.9
vectorString:	AV:L/AC:L/AU:N/C:N/I:N/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2022-21762
baseSeverity:	MEDIUM
baseScore:	4.4
vectorString:	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	0.8
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2022-21762
baseSeverity:	MEDIUM
baseScore:	4.4
vectorString:	CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2022-88293 // VULMON: CVE-2022-21762 // JVNDB: JVNDB-2022-010920 // CNNVD: CNNVD-202206-615 // NVD: CVE-2022-21762

PROBLEMTYPE DATA

problemtype:	CWE-190	Trust: 1.0
problemtype:	Integer overflow or wraparound (CWE-190) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2022-010920 // NVD: CVE-2022-21762

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202206-615

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202206-615

PATCH

title:	Patch for Buffer Overflow Vulnerability in APUSYS Driver of Multiple MediaTek Chips	url:	https://www.cnvd.org.cn/patchInfo/show/354096	Trust: 0.6
title:	MediaTek Enter the fix for the verification error vulnerability	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=196000	Trust: 0.6
title:	CVE-2022-XXXX	url:	https://github.com/AlphabugX/CVE-2022-23305	Trust: 0.1
title:	CVE-2022-XXXX	url:	https://github.com/AlphabugX/CVE-2022-RCE	Trust: 0.1

sources: CNVD: CNVD-2022-88293 // VULMON: CVE-2022-21762 // CNNVD: CNNVD-202206-615

EXTERNAL IDS

db:	NVD	id:	CVE-2022-21762	Trust: 3.9
db:	JVNDB	id:	JVNDB-2022-010920	Trust: 0.8
db:	CNVD	id:	CNVD-2022-88293	Trust: 0.6
db:	CNNVD	id:	CNNVD-202206-615	Trust: 0.6
db:	VULMON	id:	CVE-2022-21762	Trust: 0.1

sources: CNVD: CNVD-2022-88293 // VULMON: CVE-2022-21762 // JVNDB: JVNDB-2022-010920 // CNNVD: CNNVD-202206-615 // NVD: CVE-2022-21762

REFERENCES

url:	https://corp.mediatek.com/product-security-bulletin/june-2022	Trust: 2.5
url:	https://nvd.nist.gov/vuln/detail/cve-2022-21762	Trust: 1.4
url:	https://cxsecurity.com/cveshow/cve-2022-21762/	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/190.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://github.com/alphabugx/cve-2022-23305	Trust: 0.1

sources: CNVD: CNVD-2022-88293 // VULMON: CVE-2022-21762 // JVNDB: JVNDB-2022-010920 // CNNVD: CNNVD-202206-615 // NVD: CVE-2022-21762

SOURCES

db:	CNVD	id:	CNVD-2022-88293
db:	VULMON	id:	CVE-2022-21762
db:	JVNDB	id:	JVNDB-2022-010920
db:	CNNVD	id:	CNNVD-202206-615
db:	NVD	id:	CVE-2022-21762

LAST UPDATE DATE

2024-11-23T22:47:21.630000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2022-88293	date:	2022-12-18T00:00:00
db:	VULMON	id:	CVE-2022-21762	date:	2022-06-13T00:00:00
db:	JVNDB	id:	JVNDB-2022-010920	date:	2023-08-17T08:35:00
db:	CNNVD	id:	CNNVD-202206-615	date:	2022-06-14T00:00:00
db:	NVD	id:	CVE-2022-21762	date:	2024-11-21T06:45:23.350

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2022-88293	date:	2022-09-30T00:00:00
db:	VULMON	id:	CVE-2022-21762	date:	2022-06-06T00:00:00
db:	JVNDB	id:	JVNDB-2022-010920	date:	2023-08-17T00:00:00
db:	CNNVD	id:	CNNVD-202206-615	date:	2022-06-06T00:00:00
db:	NVD	id:	CVE-2022-21762	date:	2022-06-06T18:15:09.257