CVSS: 6.7EPSS: 0%CPEs: 48EXPL: 0CVE-2022-20089
https://notcve.org/view.php?id=CVE-2022-20089
03 May 2022 — In aee driver, there is a possible memory corruption due to active debug code. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06240397; Issue ID: ALPS06240397. En aee driver, se presenta una posible corrupción de memoria debido al código de depuración activo. • https://corp.mediatek.com/product-security-bulletin/May-2022 •
CVSS: 7.8EPSS: 0%CPEs: 47EXPL: 0CVE-2022-20088
https://notcve.org/view.php?id=CVE-2022-20088
03 May 2022 — In aee driver, there is a possible reference count mistake due to incorrect error handling. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06209201; Issue ID: ALPS06209201. En aee driver, se presenta un posible error en el recuento de referencias debido a un manejo incorrecto de errores. • https://corp.mediatek.com/product-security-bulletin/May-2022 • CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 6.7EPSS: 0%CPEs: 8EXPL: 0CVE-2022-20087
https://notcve.org/view.php?id=CVE-2022-20087
03 May 2022 — In ccu, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06477970; Issue ID: ALPS06477970. En ccu, es posible que se produzca una escritura fuera de límites debido a una falta de comprobación de límites. • https://corp.mediatek.com/product-security-bulletin/May-2022 • CWE-787: Out-of-bounds Write •
CVSS: 6.7EPSS: 0%CPEs: 54EXPL: 0CVE-2022-20085
https://notcve.org/view.php?id=CVE-2022-20085
03 May 2022 — In netdiag, there is a possible symbolic link following due to an improper link resolution. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06308877; Issue ID: ALPS06308877. En netdiag, se presenta un posible seguimiento de enlaces simbólicos debido a una resolución de enlaces inapropiada. • https://corp.mediatek.com/product-security-bulletin/May-2022 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 7.0EPSS: 0%CPEs: 56EXPL: 0CVE-2022-20110
https://notcve.org/view.php?id=CVE-2022-20110
03 May 2022 — In ion, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06399915; Issue ID: ALPS06399901. En ion, se presenta un posible uso de memoria previamente liberada debido a una condición de carrera. • https://corp.mediatek.com/product-security-bulletin/May-2022 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 7.8EPSS: 0%CPEs: 56EXPL: 0CVE-2022-20109
https://notcve.org/view.php?id=CVE-2022-20109
03 May 2022 — In ion, there is a possible use after free due to improper update of reference count. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06399915; Issue ID: ALPS06399915. En ion, se presenta un posible uso de memoria previamente liberada debido a la actualización inapropiada del recuento de referencias. • https://corp.mediatek.com/product-security-bulletin/May-2022 •
CVSS: 7.8EPSS: 0%CPEs: 57EXPL: 0CVE-2022-20084
https://notcve.org/view.php?id=CVE-2022-20084
03 May 2022 — In telephony, there is a possible way to disable receiving emergency broadcasts due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06498874; Issue ID: ALPS06498874. En telephony, es posible que sea deshabilitada la recepción de transmisiones de emergencia debido a una falta de comprobación de permisos. • https://corp.mediatek.com/product-security-bulletin/May-2022 • CWE-862: Missing Authorization •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-28788
https://notcve.org/view.php?id=CVE-2022-28788
03 May 2022 — Improper buffer size check logic in aviextractor library prior to SMR May-2022 Release 1 allows out of bounds read leading to possible temporary denial of service. The patch adds buffer size check logic. Una lógica inapropiada de comprobación del tamaño del búfer en la biblioteca aviextractor versiones anteriores a SMR May-2022 Release 1, permite una lectura fuera de límites conllevando a una posible denegación de servicio temporal. El parche añade una lógica de comprobación del tamaño del búfer • https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=5 • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-28787
https://notcve.org/view.php?id=CVE-2022-28787
03 May 2022 — Improper buffer size check logic in wmfextractor library prior to SMR May-2022 Release 1 allows out of bounds read leading to possible temporary denial of service. The patch adds buffer size check logic. Una lógica de comprobación del tamaño del búfer en la biblioteca wmfextractor versiones anteriores a SMR May-2022 Release 1, permite una lectura fuera de límites conllevando a una posible denegación de servicio temporal. El parche añade una lógica de comprobación del tamaño del búfer • https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=5 • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-28786
https://notcve.org/view.php?id=CVE-2022-28786
03 May 2022 — Improper buffer size check logic in aviextractor library prior to SMR May-2022 Release 1 allows out of bounds read leading to possible temporary denial of service. The patch adds buffer size check logic. Una lógica inapropiada de comprobación del tamaño del búfer en la biblioteca aviextractor versiones anteriores a SMR May-2022 Release 1, permite una lectura fuera de límites conllevando a una posible denegación de servicio temporal. El parche añade una lógica de comprobación del tamaño del búfer • https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=5 • CWE-125: Out-of-bounds Read •