ID

VAR-202210-0108


CVE

CVE-2022-26474


TITLE

Buffer Size Miscalculation Vulnerability in Google Android

Trust: 0.8

sources: JVNDB: JVNDB-2022-018678

DESCRIPTION

In sensorhub, there is a possible out of bounds write due to an incorrect calculation of buffer size. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07129717; Issue ID: ALPS07129717. Google Android contains a buffer size miscalculation vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). MediaTek Inc. is the world's fourth-largest foundry semiconductor company. It holds a leading position in the markets for mobile terminals, smart home applications, wireless connection technology and Internet of Things products, with approximately 1.5 billion end products a year with built-in MediaTek chips available all over the world.

Trust: 2.16

sources: NVD: CVE-2022-26474 // JVNDB: JVNDB-2022-018678 // CNVD: CNVD-2022-87960

IOT TAXONOMY

category: ['IoT'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2022-87960

AFFECTED PRODUCTS

vendor: google, model: android, scope: eq, version: 12.0

Trust: 1.8

vendor: google, model: android, scope: eq, version: -

Trust: 0.8

vendor: google, model: android, scope: -, version: -

Trust: 0.8

vendor: mediatek, model: mt6855 android, scope: eq, version: 12.0

Trust: 0.6

vendor: mediatek, model: mt6879 android, scope: eq, version: 12.0

Trust: 0.6

vendor: mediatek, model: mt6983 android, scope: eq, version: 12.0

Trust: 0.6

vendor: mediatek, model: mt6895 android, scope: eq, version: 12.0

Trust: 0.6

vendor: mediatek, model: mt6789 android, scope: eq, version: 12.0

Trust: 0.6

sources: CNVD: CNVD-2022-87960 // JVNDB: JVNDB-2022-018678 // NVD: CVE-2022-26474

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-26474
value: MEDIUM

Trust: 1.0

NVD: CVE-2022-26474
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2022-87960
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202210-345
value: MEDIUM

Trust: 0.6

CNVD: CNVD-2022-87960
severity: MEDIUM
baseScore: 6.8
vectorString: AV:L/AC:L/AU:S/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.1
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2022-26474
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2022-26474
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2022-87960 // JVNDB: JVNDB-2022-018678 // CNNVD: CNNVD-202210-345 // NVD: CVE-2022-26474

PROBLEMTYPE DATA

problemtype: CWE-131

Trust: 1.0

problemtype: Miscalculation of buffer size (CWE-131) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2022-018678 // NVD: CVE-2022-26474

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202210-345

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202210-345

PATCH

title: Patch for Various MediaTek chip sensorhub local privilege escalation vulnerabilities
url: https://www.cnvd.org.cn/patchInfo/show/372256

Trust: 0.6

title: MediaTek Fixes for chip security vulnerabilities
url: http://123.124.177.30/web/xxk/bdxqById.tag?id=209984

Trust: 0.6

sources: CNVD: CNVD-2022-87960 // CNNVD: CNNVD-202210-345

EXTERNAL IDS

db: NVD, id: CVE-2022-26474

Trust: 3.8

db: JVNDB, id: JVNDB-2022-018678

Trust: 0.8

db: CNVD, id: CNVD-2022-87960

Trust: 0.6

db: CNNVD, id: CNNVD-202210-345

Trust: 0.6

sources: CNVD: CNVD-2022-87960 // JVNDB: JVNDB-2022-018678 // CNNVD: CNNVD-202210-345 // NVD: CVE-2022-26474

REFERENCES

url: https://corp.mediatek.com/product-security-bulletin/october-2022

Trust: 3.0

url: https://nvd.nist.gov/vuln/detail/cve-2022-26474

Trust: 0.8

url: https://cxsecurity.com/cveshow/cve-2022-26474/

Trust: 0.6

sources: CNVD: CNVD-2022-87960 // JVNDB: JVNDB-2022-018678 // CNNVD: CNNVD-202210-345 // NVD: CVE-2022-26474

SOURCES

db: CNVD, id: CNVD-2022-87960
db: JVNDB, id: JVNDB-2022-018678
db: CNNVD, id: CNNVD-202210-345
db: NVD, id: CVE-2022-26474

LAST UPDATE DATE

2024-08-14T15:16:28.476000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2022-87960, date: 2022-12-15T00:00:00
db: JVNDB, id: JVNDB-2022-018678, date: 2023-10-20T08:28:00
db: CNNVD, id: CNNVD-202210-345, date: 2022-10-12T00:00:00
db: NVD, id: CVE-2022-26474, date: 2022-10-11T15:15:31.563

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2022-87960, date: 2022-12-15T00:00:00
db: JVNDB, id: JVNDB-2022-018678, date: 2023-10-20T00:00:00
db: CNNVD, id: CNNVD-202210-345, date: 2022-10-07T00:00:00
db: NVD, id: CVE-2022-26474, date: 2022-10-07T20:15:11.143