ID
VAR-202210-0107
CVE
CVE-2022-26475
TITLE
Google of Android Out-of-Bounds Write Vulnerability in Other Vendors' Products
Trust: 0.8
sources:
JVNDB: JVNDB-2022-018677
DESCRIPTION
In wlan, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07310743; Issue ID: ALPS07310743. Google of Android Products from other vendors have out-of-bounds write vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. MediaTek Inc. is the world's fourth-largest foundry semiconductor company. It is in a leading position in the markets of mobile terminals, smart home applications, wireless connection technology and Internet of Things products, with approximately 1.5 billion units a year End products with built-in MediaTek chips are available all over the world. This vulnerability is due to the lack of boundary checks in wlan, resulting in out-of-bounds writes
Trust: 2.16
sources:
NVD: CVE-2022-26475 //
JVNDB: JVNDB-2022-018677 //
CNVD: CNVD-2022-87963
IOT TAXONOMY
| category: | ['IoT'] | sub_category: | - | Trust: 0.6 |
sources:
CNVD: CNVD-2022-87963
AFFECTED PRODUCTS
| vendor: | model: | android | scope: | eq | version: | 12.0 | Trust: 1.0 | |
| vendor: | linuxfoundation | model: | yocto | scope: | eq | version: | 3.3 | Trust: 1.0 |
| vendor: | model: | android | scope: | eq | version: | 11.0 | Trust: 1.0 | |
| vendor: | linuxfoundation | model: | yocto | scope: | eq | version: | 3.1 | Trust: 1.0 |
| vendor: | model: | android | scope: | - | version: | - | Trust: 0.8 | |
| vendor: | linux | model: | yocto | scope: | - | version: | - | Trust: 0.8 |
| vendor: | mediatek | model: | mt6789 android | scope: | eq | version: | 11.0 | Trust: 0.6 |
| vendor: | mediatek | model: | mt6853 android | scope: | eq | version: | 11.0 | Trust: 0.6 |
| vendor: | mediatek | model: | mt6855 android | scope: | eq | version: | 11.0 | Trust: 0.6 |
| vendor: | mediatek | model: | mt6873 android | scope: | eq | version: | 11.0 | Trust: 0.6 |
| vendor: | mediatek | model: | mt6875 android | scope: | eq | version: | 11.0 | Trust: 0.6 |
| vendor: | mediatek | model: | mt6883 android | scope: | eq | version: | 11.0 | Trust: 0.6 |
| vendor: | mediatek | model: | mt6885 android | scope: | eq | version: | 11.0 | Trust: 0.6 |
| vendor: | mediatek | model: | mt6889 android | scope: | eq | version: | 11.0 | Trust: 0.6 |
| vendor: | mediatek | model: | mt6983 android | scope: | eq | version: | 11.0 | Trust: 0.6 |
| vendor: | mediatek | model: | mt6769 android | scope: | eq | version: | 12.0 | Trust: 0.6 |
| vendor: | mediatek | model: | mt6769 android | scope: | eq | version: | 11.0 | Trust: 0.6 |
| vendor: | mediatek | model: | mt6781 android | scope: | eq | version: | 12.0 | Trust: 0.6 |
| vendor: | mediatek | model: | mt6781 android | scope: | eq | version: | 11.0 | Trust: 0.6 |
| vendor: | mediatek | model: | mt6785 android | scope: | eq | version: | 12.0 | Trust: 0.6 |
| vendor: | mediatek | model: | mt6785 android | scope: | eq | version: | 11.0 | Trust: 0.6 |
| vendor: | mediatek | model: | mt6855 android | scope: | eq | version: | 12.0 | Trust: 0.6 |
| vendor: | mediatek | model: | mt6879 android | scope: | eq | version: | 12.0 | Trust: 0.6 |
| vendor: | mediatek | model: | mt6879 android | scope: | eq | version: | 11.0 | Trust: 0.6 |
| vendor: | mediatek | model: | mt6983 android | scope: | eq | version: | 12.0 | Trust: 0.6 |
| vendor: | mediatek | model: | mt6853 android | scope: | eq | version: | 12.0 | Trust: 0.6 |
| vendor: | mediatek | model: | mt6873 android | scope: | eq | version: | 12.0 | Trust: 0.6 |
| vendor: | mediatek | model: | mt6883 android | scope: | eq | version: | 12.0 | Trust: 0.6 |
| vendor: | mediatek | model: | mt6885 android | scope: | eq | version: | 12.0 | Trust: 0.6 |
| vendor: | mediatek | model: | mt6889 android | scope: | eq | version: | 12.0 | Trust: 0.6 |
| vendor: | mediatek | model: | mt6895 android | scope: | eq | version: | 12.0 | Trust: 0.6 |
| vendor: | mediatek | model: | mt6895 android | scope: | eq | version: | 11.0 | Trust: 0.6 |
| vendor: | mediatek | model: | mt6761 android | scope: | eq | version: | 12.0 | Trust: 0.6 |
| vendor: | mediatek | model: | mt6761 android | scope: | eq | version: | 11.0 | Trust: 0.6 |
| vendor: | mediatek | model: | mt6765 android | scope: | eq | version: | 12.0 | Trust: 0.6 |
| vendor: | mediatek | model: | mt6765 android | scope: | eq | version: | 11.0 | Trust: 0.6 |
| vendor: | mediatek | model: | mt6768 android | scope: | eq | version: | 12.0 | Trust: 0.6 |
| vendor: | mediatek | model: | mt6768 android | scope: | eq | version: | 11.0 | Trust: 0.6 |
| vendor: | mediatek | model: | mt6779 android | scope: | eq | version: | 12.0 | Trust: 0.6 |
| vendor: | mediatek | model: | mt6779 android | scope: | eq | version: | 11.0 | Trust: 0.6 |
| vendor: | mediatek | model: | mt6875 android | scope: | eq | version: | 12.0 | Trust: 0.6 |
| vendor: | mediatek | model: | mt8183 android | scope: | eq | version: | 12.0 | Trust: 0.6 |
| vendor: | mediatek | model: | mt8183 android | scope: | eq | version: | 11.0 | Trust: 0.6 |
| vendor: | mediatek | model: | mt8365 android | scope: | eq | version: | 12.0 | Trust: 0.6 |
| vendor: | mediatek | model: | mt8365 android | scope: | eq | version: | 11.0 | Trust: 0.6 |
| vendor: | mediatek | model: | mt8385 android | scope: | eq | version: | 12.0 | Trust: 0.6 |
| vendor: | mediatek | model: | mt8385 android | scope: | eq | version: | 11.0 | Trust: 0.6 |
| vendor: | mediatek | model: | mt8768 android | scope: | eq | version: | 12.0 | Trust: 0.6 |
| vendor: | mediatek | model: | mt8768 android | scope: | eq | version: | 11.0 | Trust: 0.6 |
| vendor: | mediatek | model: | mt8786 android | scope: | eq | version: | 12.0 | Trust: 0.6 |
| vendor: | mediatek | model: | mt8786 android | scope: | eq | version: | 11.0 | Trust: 0.6 |
| vendor: | mediatek | model: | mt8788 android | scope: | eq | version: | 12.0 | Trust: 0.6 |
| vendor: | mediatek | model: | mt8788 android | scope: | eq | version: | 11.0 | Trust: 0.6 |
| vendor: | mediatek | model: | mt8167s android | scope: | eq | version: | 12.0 | Trust: 0.6 |
| vendor: | mediatek | model: | mt8167s android | scope: | eq | version: | 11.0 | Trust: 0.6 |
| vendor: | mediatek | model: | mt8175 android | scope: | eq | version: | 12.0 | Trust: 0.6 |
| vendor: | mediatek | model: | mt8175 android | scope: | eq | version: | 11.0 | Trust: 0.6 |
| vendor: | mediatek | model: | mt8185 android | scope: | eq | version: | 12.0 | Trust: 0.6 |
| vendor: | mediatek | model: | mt8185 android | scope: | eq | version: | 11.0 | Trust: 0.6 |
| vendor: | mediatek | model: | mt8362a android | scope: | eq | version: | 12.0 | Trust: 0.6 |
| vendor: | mediatek | model: | mt8362a android | scope: | eq | version: | 11.0 | Trust: 0.6 |
| vendor: | mediatek | model: | mt8667 android | scope: | eq | version: | 12.0 | Trust: 0.6 |
| vendor: | mediatek | model: | mt8667 android | scope: | eq | version: | 11.0 | Trust: 0.6 |
| vendor: | mediatek | model: | mt8766 android | scope: | eq | version: | 12.0 | Trust: 0.6 |
| vendor: | mediatek | model: | mt8766 android | scope: | eq | version: | 11.0 | Trust: 0.6 |
| vendor: | mediatek | model: | mt6761 yocto | scope: | eq | version: | 3.1 | Trust: 0.6 |
| vendor: | mediatek | model: | mt6761 yocto | scope: | eq | version: | 3.3 | Trust: 0.6 |
| vendor: | mediatek | model: | mt6762 android | scope: | eq | version: | 11.0 | Trust: 0.6 |
| vendor: | mediatek | model: | mt6762 android | scope: | eq | version: | 12.0 | Trust: 0.6 |
| vendor: | mediatek | model: | mt6762 yocto | scope: | eq | version: | 3.1 | Trust: 0.6 |
| vendor: | mediatek | model: | mt6762 yocto | scope: | eq | version: | 3.3 | Trust: 0.6 |
| vendor: | mediatek | model: | mt6765 yocto | scope: | eq | version: | 3.1 | Trust: 0.6 |
| vendor: | mediatek | model: | mt6765 yocto | scope: | eq | version: | 3.3 | Trust: 0.6 |
| vendor: | mediatek | model: | mt6768 yocto | scope: | eq | version: | 3.1 | Trust: 0.6 |
| vendor: | mediatek | model: | mt6768 yocto | scope: | eq | version: | 3.3 | Trust: 0.6 |
| vendor: | mediatek | model: | mt6769 yocto | scope: | eq | version: | 3.1 | Trust: 0.6 |
| vendor: | mediatek | model: | mt6769 yocto | scope: | eq | version: | 3.3 | Trust: 0.6 |
| vendor: | mediatek | model: | mt6779 yocto | scope: | eq | version: | 3.1 | Trust: 0.6 |
| vendor: | mediatek | model: | mt6779 yocto | scope: | eq | version: | 3.3 | Trust: 0.6 |
| vendor: | mediatek | model: | mt6781 yocto | scope: | eq | version: | 3.1 | Trust: 0.6 |
| vendor: | mediatek | model: | mt6781 yocto | scope: | eq | version: | 3.3 | Trust: 0.6 |
| vendor: | mediatek | model: | mt6785 yocto | scope: | eq | version: | 3.1 | Trust: 0.6 |
| vendor: | mediatek | model: | mt6785 yocto | scope: | eq | version: | 3.3 | Trust: 0.6 |
| vendor: | mediatek | model: | mt6789 android | scope: | eq | version: | 12.0 | Trust: 0.6 |
| vendor: | mediatek | model: | mt6789 yocto | scope: | eq | version: | 3.1 | Trust: 0.6 |
| vendor: | mediatek | model: | mt6789 yocto | scope: | eq | version: | 3.3 | Trust: 0.6 |
| vendor: | mediatek | model: | mt6853 yocto | scope: | eq | version: | 3.1 | Trust: 0.6 |
| vendor: | mediatek | model: | mt6853 yocto | scope: | eq | version: | 3.3 | Trust: 0.6 |
| vendor: | mediatek | model: | mt6855 yocto | scope: | eq | version: | 3.1 | Trust: 0.6 |
| vendor: | mediatek | model: | mt6855 yocto | scope: | eq | version: | 3.3 | Trust: 0.6 |
| vendor: | mediatek | model: | mt6873 yocto | scope: | eq | version: | 3.1 | Trust: 0.6 |
| vendor: | mediatek | model: | mt6873 yocto | scope: | eq | version: | 3.3 | Trust: 0.6 |
| vendor: | mediatek | model: | mt6875 yocto | scope: | eq | version: | 3.1 | Trust: 0.6 |
| vendor: | mediatek | model: | mt6875 yocto | scope: | eq | version: | 3.3 | Trust: 0.6 |
| vendor: | mediatek | model: | mt6879 yocto | scope: | eq | version: | 3.1 | Trust: 0.6 |
| vendor: | mediatek | model: | mt6879 yocto | scope: | eq | version: | 3.3 | Trust: 0.6 |
| vendor: | mediatek | model: | mt6883 yocto | scope: | eq | version: | 3.1 | Trust: 0.6 |
| vendor: | mediatek | model: | mt6883 yocto | scope: | eq | version: | 3.3 | Trust: 0.6 |
| vendor: | mediatek | model: | mt6885 yocto | scope: | eq | version: | 3.1 | Trust: 0.6 |
| vendor: | mediatek | model: | mt6885 yocto | scope: | eq | version: | 3.3 | Trust: 0.6 |
| vendor: | mediatek | model: | mt6889 yocto | scope: | eq | version: | 3.1 | Trust: 0.6 |
| vendor: | mediatek | model: | mt6889 yocto | scope: | eq | version: | 3.3 | Trust: 0.6 |
| vendor: | mediatek | model: | mt6895 yocto | scope: | eq | version: | 3.1 | Trust: 0.6 |
| vendor: | mediatek | model: | mt6895 yocto | scope: | eq | version: | 3.3 | Trust: 0.6 |
| vendor: | mediatek | model: | mt6983 yocto | scope: | eq | version: | 3.1 | Trust: 0.6 |
| vendor: | mediatek | model: | mt6983 yocto | scope: | eq | version: | 3.3 | Trust: 0.6 |
| vendor: | mediatek | model: | mt7663 android | scope: | eq | version: | 11.0 | Trust: 0.6 |
| vendor: | mediatek | model: | mt7663 android | scope: | eq | version: | 12.0 | Trust: 0.6 |
| vendor: | mediatek | model: | mt7663 yocto | scope: | eq | version: | 3.1 | Trust: 0.6 |
| vendor: | mediatek | model: | mt7663 yocto | scope: | eq | version: | 3.3 | Trust: 0.6 |
| vendor: | mediatek | model: | mt7902 android | scope: | eq | version: | 11.0 | Trust: 0.6 |
| vendor: | mediatek | model: | mt7902 android | scope: | eq | version: | 12.0 | Trust: 0.6 |
| vendor: | mediatek | model: | mt7902 yocto | scope: | eq | version: | 3.1 | Trust: 0.6 |
| vendor: | mediatek | model: | mt7902 yocto | scope: | eq | version: | 3.3 | Trust: 0.6 |
| vendor: | mediatek | model: | mt7921 android | scope: | eq | version: | 11.0 | Trust: 0.6 |
| vendor: | mediatek | model: | mt7921 android | scope: | eq | version: | 12.0 | Trust: 0.6 |
| vendor: | mediatek | model: | mt7921 yocto | scope: | eq | version: | 3.1 | Trust: 0.6 |
| vendor: | mediatek | model: | mt7921 yocto | scope: | eq | version: | 3.3 | Trust: 0.6 |
| vendor: | mediatek | model: | mt8167s yocto | scope: | eq | version: | 3.1 | Trust: 0.6 |
| vendor: | mediatek | model: | mt8167s yocto | scope: | eq | version: | 3.3 | Trust: 0.6 |
| vendor: | mediatek | model: | mt8175 yocto | scope: | eq | version: | 3.1 | Trust: 0.6 |
| vendor: | mediatek | model: | mt8175 yocto | scope: | eq | version: | 3.3 | Trust: 0.6 |
| vendor: | mediatek | model: | mt8183 yocto | scope: | eq | version: | 3.1 | Trust: 0.6 |
| vendor: | mediatek | model: | mt8183 yocto | scope: | eq | version: | 3.3 | Trust: 0.6 |
| vendor: | mediatek | model: | mt8185 yocto | scope: | eq | version: | 3.1 | Trust: 0.6 |
| vendor: | mediatek | model: | mt8185 yocto | scope: | eq | version: | 3.3 | Trust: 0.6 |
| vendor: | mediatek | model: | mt8362a yocto | scope: | eq | version: | 3.1 | Trust: 0.6 |
| vendor: | mediatek | model: | mt8362a yocto | scope: | eq | version: | 3.3 | Trust: 0.6 |
| vendor: | mediatek | model: | mt8365 yocto | scope: | eq | version: | 3.1 | Trust: 0.6 |
| vendor: | mediatek | model: | mt8365 yocto | scope: | eq | version: | 3.3 | Trust: 0.6 |
| vendor: | mediatek | model: | mt8385 yocto | scope: | eq | version: | 3.1 | Trust: 0.6 |
| vendor: | mediatek | model: | mt8385 yocto | scope: | eq | version: | 3.3 | Trust: 0.6 |
| vendor: | mediatek | model: | mt8512a android | scope: | eq | version: | 11.0 | Trust: 0.6 |
| vendor: | mediatek | model: | mt8512a android | scope: | eq | version: | 12.0 | Trust: 0.6 |
| vendor: | mediatek | model: | mt8512a yocto | scope: | eq | version: | 3.1 | Trust: 0.6 |
| vendor: | mediatek | model: | mt8512a yocto | scope: | eq | version: | 3.3 | Trust: 0.6 |
| vendor: | mediatek | model: | mt8518 android | scope: | eq | version: | 11.0 | Trust: 0.6 |
| vendor: | mediatek | model: | mt8518 android | scope: | eq | version: | 12.0 | Trust: 0.6 |
| vendor: | mediatek | model: | mt8518 yocto | scope: | eq | version: | 3.1 | Trust: 0.6 |
| vendor: | mediatek | model: | mt8518 yocto | scope: | eq | version: | 3.3 | Trust: 0.6 |
| vendor: | mediatek | model: | mt8532 android | scope: | eq | version: | 11.0 | Trust: 0.6 |
| vendor: | mediatek | model: | mt8532 android | scope: | eq | version: | 12.0 | Trust: 0.6 |
| vendor: | mediatek | model: | mt8532 yocto | scope: | eq | version: | 3.1 | Trust: 0.6 |
| vendor: | mediatek | model: | mt8532 yocto | scope: | eq | version: | 3.3 | Trust: 0.6 |
| vendor: | mediatek | model: | mt8667 yocto | scope: | eq | version: | 3.1 | Trust: 0.6 |
| vendor: | mediatek | model: | mt8667 yocto | scope: | eq | version: | 3.3 | Trust: 0.6 |
| vendor: | mediatek | model: | mt8695 android | scope: | eq | version: | 11.0 | Trust: 0.6 |
| vendor: | mediatek | model: | mt8695 android | scope: | eq | version: | 12.0 | Trust: 0.6 |
| vendor: | mediatek | model: | mt8695 yocto | scope: | eq | version: | 3.1 | Trust: 0.6 |
| vendor: | mediatek | model: | mt8695 yocto | scope: | eq | version: | 3.3 | Trust: 0.6 |
| vendor: | mediatek | model: | mt8696 android | scope: | eq | version: | 11.0 | Trust: 0.6 |
| vendor: | mediatek | model: | mt8696 android | scope: | eq | version: | 12.0 | Trust: 0.6 |
| vendor: | mediatek | model: | mt8696 yocto | scope: | eq | version: | 3.1 | Trust: 0.6 |
| vendor: | mediatek | model: | mt8696 yocto | scope: | eq | version: | 3.3 | Trust: 0.6 |
| vendor: | mediatek | model: | mt8766 yocto | scope: | eq | version: | 3.1 | Trust: 0.6 |
| vendor: | mediatek | model: | mt8766 yocto | scope: | eq | version: | 3.3 | Trust: 0.6 |
| vendor: | mediatek | model: | mt8768 yocto | scope: | eq | version: | 3.1 | Trust: 0.6 |
| vendor: | mediatek | model: | mt8768 yocto | scope: | eq | version: | 3.3 | Trust: 0.6 |
| vendor: | mediatek | model: | mt8786 yocto | scope: | eq | version: | 3.1 | Trust: 0.6 |
| vendor: | mediatek | model: | mt8786 yocto | scope: | eq | version: | 3.3 | Trust: 0.6 |
| vendor: | mediatek | model: | mt8788 yocto | scope: | eq | version: | 3.1 | Trust: 0.6 |
| vendor: | mediatek | model: | mt8788 yocto | scope: | eq | version: | 3.3 | Trust: 0.6 |
| vendor: | mediatek | model: | mt8789 android | scope: | eq | version: | 11.0 | Trust: 0.6 |
| vendor: | mediatek | model: | mt8789 android | scope: | eq | version: | 12.0 | Trust: 0.6 |
| vendor: | mediatek | model: | mt8789 yocto | scope: | eq | version: | 3.1 | Trust: 0.6 |
| vendor: | mediatek | model: | mt8789 yocto | scope: | eq | version: | 3.3 | Trust: 0.6 |
sources:
CNVD: CNVD-2022-87963 //
JVNDB: JVNDB-2022-018677 //
NVD: CVE-2022-26475
CVSS
SEVERITY | CVSSV2 | CVSSV3 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
sources:
CNVD: CNVD-2022-87963 //
JVNDB: JVNDB-2022-018677 //
CNNVD: CNNVD-202210-346 //
NVD: CVE-2022-26475
PROBLEMTYPE DATA
| problemtype: | CWE-787 | Trust: 1.0 |
| problemtype: | Out-of-bounds writing (CWE-787) [NVD evaluation ] | Trust: 0.8 |
sources:
JVNDB: JVNDB-2022-018677 //
NVD: CVE-2022-26475
THREAT TYPE
local
Trust: 0.6
sources:
CNNVD: CNNVD-202210-346
TYPE
input validation error
Trust: 0.6
sources:
CNNVD: CNNVD-202210-346
PATCH
| title: | Patch for Multiple MediaTek chips wlan local privilege escalation vulnerability | url: | https://www.cnvd.org.cn/patchInfo/show/372271 | Trust: 0.6 |
| title: | MediaTek Repair measures for chip input verification errors | url: | http://123.124.177.30/web/xxk/bdxqById.tag?id=210333 | Trust: 0.6 |
sources:
CNVD: CNVD-2022-87963 //
CNNVD: CNNVD-202210-346
EXTERNAL IDS
| db: | NVD | id: | CVE-2022-26475 | Trust: 3.8 |
| db: | JVNDB | id: | JVNDB-2022-018677 | Trust: 0.8 |
| db: | CNVD | id: | CNVD-2022-87963 | Trust: 0.6 |
| db: | CNNVD | id: | CNNVD-202210-346 | Trust: 0.6 |
sources:
CNVD: CNVD-2022-87963 //
JVNDB: JVNDB-2022-018677 //
CNNVD: CNNVD-202210-346 //
NVD: CVE-2022-26475
REFERENCES
| url: | https://corp.mediatek.com/product-security-bulletin/october-2022 | Trust: 3.0 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2022-26475 | Trust: 0.8 |
| url: | https://cxsecurity.com/cveshow/cve-2022-26475/ | Trust: 0.6 |
sources:
CNVD: CNVD-2022-87963 //
JVNDB: JVNDB-2022-018677 //
CNNVD: CNNVD-202210-346 //
NVD: CVE-2022-26475
SOURCES
| db: | CNVD | id: | CNVD-2022-87963 |
| db: | JVNDB | id: | JVNDB-2022-018677 |
| db: | CNNVD | id: | CNNVD-202210-346 |
| db: | NVD | id: | CVE-2022-26475 |
LAST UPDATE DATE
2024-08-14T14:43:41.801000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2022-87963 | date: | 2022-12-15T00:00:00 |
| db: | JVNDB | id: | JVNDB-2022-018677 | date: | 2023-10-20T08:27:00 |
| db: | CNNVD | id: | CNNVD-202210-346 | date: | 2022-10-12T00:00:00 |
| db: | NVD | id: | CVE-2022-26475 | date: | 2023-12-22T20:54:25.650 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2022-87963 | date: | 2022-12-15T00:00:00 |
| db: | JVNDB | id: | JVNDB-2022-018677 | date: | 2023-10-20T00:00:00 |
| db: | CNNVD | id: | CNNVD-202210-346 | date: | 2022-10-07T00:00:00 |
| db: | NVD | id: | CVE-2022-26475 | date: | 2022-10-07T20:15:11.237 |