Details of VAR-202211-0490

ID

VAR-202211-0490

CVE

CVE-2022-26446

TITLE

Reachable assertion vulnerability in multiple MediaTek products

Trust: 0.8

sources: JVNDB: JVNDB-2022-020614

DESCRIPTION

In Modem 4G RRC, there is a possible system crash due to improper input validation. This could lead to remote denial of service, when concatenating improper SIB12 (CMAS message), with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00867883; Issue ID: ALPS07274118. LR12A , LR13 , NR15 A reachable assertion vulnerability exists in several MediaTek products.Service operation interruption (DoS) It may be in a state

Trust: 1.62

sources: NVD: CVE-2022-26446 // JVNDB: JVNDB-2022-020614

AFFECTED PRODUCTS

vendor:	mediatek	model:	lr12a	scope:	eq	version:	-	Trust: 1.0
vendor:	mediatek	model:	lr13	scope:	eq	version:	-	Trust: 1.0
vendor:	mediatek	model:	nr16	scope:	eq	version:	-	Trust: 1.0
vendor:	mediatek	model:	nr15	scope:	eq	version:	-	Trust: 1.0
vendor:	メディアテック	model:	nr16	scope:	-	version:	-	Trust: 0.8
vendor:	メディアテック	model:	lr12a	scope:	-	version:	-	Trust: 0.8
vendor:	メディアテック	model:	nr15	scope:	-	version:	-	Trust: 0.8
vendor:	メディアテック	model:	lr13	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2022-020614 // NVD: CVE-2022-26446

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-26446
value:	HIGH
Trust: 1.0
NVD:	CVE-2022-26446
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202211-2385
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2022-26446
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2022-26446
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2022-020614 // CNNVD: CNNVD-202211-2385 // NVD: CVE-2022-26446

PROBLEMTYPE DATA

problemtype:	CWE-617	Trust: 1.0
problemtype:	Reachable assertions (CWE-617) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2022-020614 // NVD: CVE-2022-26446

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202211-2385

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202211-2385

PATCH

title:

MediaTek Fixes for chip security vulnerabilities

url:

http://123.124.177.30/web/xxk/bdxqById.tag?id=213789

Trust: 0.6

sources: CNNVD: CNNVD-202211-2385

EXTERNAL IDS

db:	NVD	id:	CVE-2022-26446	Trust: 3.2
db:	JVNDB	id:	JVNDB-2022-020614	Trust: 0.8
db:	CNNVD	id:	CNNVD-202211-2385	Trust: 0.6

sources: JVNDB: JVNDB-2022-020614 // CNNVD: CNNVD-202211-2385 // NVD: CVE-2022-26446

REFERENCES

url:	https://corp.mediatek.com/product-security-bulletin/november-2022	Trust: 2.4
url:	https://nvd.nist.gov/vuln/detail/cve-2022-26446	Trust: 0.8
url:	https://cxsecurity.com/cveshow/cve-2022-26446/	Trust: 0.6

sources: JVNDB: JVNDB-2022-020614 // CNNVD: CNNVD-202211-2385 // NVD: CVE-2022-26446

SOURCES

db:	JVNDB	id:	JVNDB-2022-020614
db:	CNNVD	id:	CNNVD-202211-2385
db:	NVD	id:	CVE-2022-26446

LAST UPDATE DATE

2024-08-14T14:43:39.548000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2022-020614	date:	2023-11-02T08:06:00
db:	CNNVD	id:	CNNVD-202211-2385	date:	2022-11-10T00:00:00
db:	NVD	id:	CVE-2022-26446	date:	2022-11-09T18:05:02.790

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2022-020614	date:	2023-11-02T00:00:00
db:	CNNVD	id:	CNNVD-202211-2385	date:	2022-11-08T00:00:00
db:	NVD	id:	CVE-2022-26446	date:	2022-11-08T21:15:11.423