CVE-2022-26447: Mediatek Chipsets code execution vulnerability
Multi-security vulnerabilities have been disclosed in the Mediatek chipsets that, if left unresolved, could allow an adversary to remotely execute arbitrary code on the system from affected mobile devices.
On the September security patch, Mediatek fixed multiple privilege escalation and information disclosure security flaws: CVE-2022-26449, CVE-2022-26450, CVE-2022-26451, CVE-2022-26453, CVE-2022-26454, CVE-2022-26455, CVE-2022-26456, CVE-2022-26457, CVE-2022-26458, CVE-2022-26459, CVE-2022-26460, CVE-2022-26461, CVE-2022-26462, CVE-2022-26463, CVE-2022-26464, CVE-2022-26465, CVE-2022-26466, CVE-2022-26467, CVE-2022-26468, CVE-2022-26469, CVE-2022-26470.
Mediatek Chipsets could allow a local authenticated attacker to gain elevated privileges on the system. By sending a specially-crafted request, an authenticated attacker could exploit these vulnerabilities to gain elevated privileges and obtain sensitive information.
