Multiple security vulnerabilities have been disclosed in MediaTek chipsets that, if left unresolved, could allow an adversary to remotely execute arbitrary code on affected mobile devices.
MediaTek is a Taiwan-based hardware company that manufactures chips and processors used in smartphones and tablets.
The issue, assigned the identifier CVE-2022-26447, is caused by an out-of-bounds write due to a missing bounds check. By sending a specially crafted request, a remote attacker could exploit this vulnerability to execute arbitrary code on the system.
“In BT firmware, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation,” read the security bulletin.
The CVE-2022-26447 flaw affects multiple chipsets, including MT6580, MT6735, MT6737, MT6739, MT6750S, MT6753, MT6755S, MT6757, MT6757C, MT6757CD, MT6757CH, MT6763, MT6771, MT8163, MT8167, MT8167S, MT8173, MT8183, MT8321, MT8362A, MT8385, MT8518, MT8532, MT8765, MT8788.
In the September security patch, MediaTek fixed multiple privilege escalation and information disclosure security flaws: CVE-2022-26449, CVE-2022-26450, CVE-2022-26451, CVE-2022-26453, CVE-2022-26454, CVE-2022-26455, CVE-2022-26456, CVE-2022-26457, CVE-2022-26458, CVE-2022-26459, CVE-2022-26460, CVE-2022-26461, CVE-2022-26462, CVE-2022-26463, CVE-2022-26464, CVE-2022-26465, CVE-2022-26466, CVE-2022-26467, CVE-2022-26468, CVE-2022-26469, CVE-2022-26470.
The affected MediaTek chipsets could allow a local authenticated attacker to gain elevated privileges on the system. By sending a specially crafted request, an authenticated attacker could exploit these vulnerabilities to gain elevated privileges and obtain sensitive information.