CVSS: 4.4EPSS: 0%CPEs: 41EXPL: 0CVE-2022-20029
https://notcve.org/view.php?id=CVE-2022-20029
09 Feb 2022 — In cmdq driver, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05747150; Issue ID: ALPS05747150. En cmdq driver, se presenta una posible lectura fuera de límites debido a una comprobación de límites incorrecta. • https://corp.mediatek.com/product-security-bulletin/February-2022 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 29EXPL: 0CVE-2022-20024
https://notcve.org/view.php?id=CVE-2022-20024
09 Feb 2022 — In system service, there is a possible permission bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06219064; Issue ID: ALPS06219064. En system service, se presenta una posible omisión de permisos debido a una falta de comprobación de permisos. • https://corp.mediatek.com/product-security-bulletin/February-2022 • CWE-862: Missing Authorization •
CVSS: 6.5EPSS: 0%CPEs: 59EXPL: 0CVE-2022-20023
https://notcve.org/view.php?id=CVE-2022-20023
04 Jan 2022 — In Bluetooth, there is a possible application crash due to bluetooth flooding a device with LMP_AU_rand packet. This could lead to remote denial of service of bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06198608; Issue ID: ALPS06198608. En Bluetooth, se presenta un posible bloqueo de la aplicación debido a que bluetooth inunda un dispositivo con el paquete LMP_AU_rand. • https://corp.mediatek.com/product-security-bulletin/January-2022 • CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 6.5EPSS: 0%CPEs: 30EXPL: 0CVE-2022-20022
https://notcve.org/view.php?id=CVE-2022-20022
04 Jan 2022 — In Bluetooth, there is a possible link disconnection due to bluetooth does not properly handle a connection attempt from a host with the same BD address as the currently connected BT host. This could lead to remote denial of service of bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06198578; Issue ID: ALPS06198578. En Bluetooth, se presenta una posible desconexión del enlace debido a que bluetooth no maneja apropiadamente un intento d... • https://corp.mediatek.com/product-security-bulletin/January-2022 •
CVSS: 6.5EPSS: 0%CPEs: 31EXPL: 0CVE-2022-20021
https://notcve.org/view.php?id=CVE-2022-20021
04 Jan 2022 — In Bluetooth, there is a possible application crash due to bluetooth does not properly handle the reception of multiple LMP_host_connection_req. This could lead to remote denial of service of bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06198513; Issue ID: ALPS06198513. En Bluetooth, se presenta un posible bloqueo de la aplicación debido a que bluetooth no maneja apropiadamente la recepción de múltiples LMP_host_connection_req. • https://corp.mediatek.com/product-security-bulletin/January-2022 •
CVSS: 5.5EPSS: 0%CPEs: 41EXPL: 0CVE-2022-20019
https://notcve.org/view.php?id=CVE-2022-20019
04 Jan 2022 — In libMtkOmxGsmDec, there is a possible information disclosure due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05917620; Issue ID: ALPS05917620. En libMtkOmxGsmDec, se presenta una posible divulgación de información debido a una comprobación de límites incorrecta. • https://corp.mediatek.com/product-security-bulletin/January-2022 • CWE-20: Improper Input Validation •
CVSS: 4.4EPSS: 0%CPEs: 35EXPL: 0CVE-2022-20018
https://notcve.org/view.php?id=CVE-2022-20018
04 Jan 2022 — In seninf driver, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05863018; Issue ID: ALPS05863018. En el controlador seninf, se presenta una posible divulgación de información debido a datos no inicializados. • https://corp.mediatek.com/product-security-bulletin/January-2022 • CWE-908: Use of Uninitialized Resource •
CVSS: 4.4EPSS: 0%CPEs: 26EXPL: 0CVE-2022-20015
https://notcve.org/view.php?id=CVE-2022-20015
04 Jan 2022 — In kd_camera_hw driver, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05862966; Issue ID: ALPS05862966. En el controlador kd_camera_hw, se presenta una posible divulgación de información debido a datos no inicializados. • https://corp.mediatek.com/product-security-bulletin/January-2022 • CWE-908: Use of Uninitialized Resource •
CVSS: 7.5EPSS: 0%CPEs: 53EXPL: 0CVE-2021-40148
https://notcve.org/view.php?id=CVE-2021-40148
04 Jan 2022 — In Modem EMM, there is a possible information disclosure due to a missing data encryption. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00716585; Issue ID: ALPS05886933. En el módem EMM, se presenta una posible divulgación de información debido a una falta de cifrado de datos. • https://corp.mediatek.com/product-security-bulletin/January-2022 • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 5.5EPSS: 1%CPEs: 60EXPL: 0CVE-2021-0674
https://notcve.org/view.php?id=CVE-2021-0674
17 Dec 2021 — In alac decoder, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06064258; Issue ID: ALPS06064237. En el descodificador alac, se presenta una posible lectura fuera de límites debido a una comprobación de límites incorrecta. • https://corp.mediatek.com/product-security-bulletin/December-2021 • CWE-125: Out-of-bounds Read •