CVSS: 8.0EPSS: 0%CPEs: 3EXPL: 0CVE-2022-39882
https://notcve.org/view.php?id=CVE-2022-39882
09 Nov 2022 — Heap overflow vulnerability in sflacf_fal_bytes_peek function in libsmat.so library prior to SMR Nov-2022 Release 1 allows local attacker to execute arbitrary code. Vulnerabilidad de desbordamiento de montón en la función sflacf_fal_bytes_peek en la librería libsmat.so antes de SMR Nov-2022 Release 1 permite a un atacante local ejecutar código arbitrario. • https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=11 • CWE-787: Out-of-bounds Write •
CVSS: 5.9EPSS: 0%CPEs: 3EXPL: 0CVE-2022-39886
https://notcve.org/view.php?id=CVE-2022-39886
09 Nov 2022 — Improper access control vulnerability in IpcRxServiceModeBigDataInfo in RIL prior to SMR Nov-2022 Release 1 allows local attacker to access Device information. Una vulnerabilidad de control de acceso inadecuado en IpcRxServiceModeBigDataInfo en RIL anterior a SMR Nov-2022 Release 1 permite a un atacante local acceder a la información del dispositivo. • https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=11 • CWE-280: Improper Handling of Insufficient Permissions or Privileges CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 5.9EPSS: 0%CPEs: 3EXPL: 0CVE-2022-39885
https://notcve.org/view.php?id=CVE-2022-39885
09 Nov 2022 — Improper access control vulnerability in BootCompletedReceiver_CMCC in DeviceManagement prior to SMR Nov-2022 Release 1 allows local attacker to access to Device information. Una vulnerabilidad de control de acceso inadecuado en BootCompletedReceiver_CMCC en DeviceManagement antes de SMR Nov-2022 Release 1 permite a un atacante local acceder a la información del dispositivo. • https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=11 • CWE-280: Improper Handling of Insufficient Permissions or Privileges CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 6.4EPSS: 0%CPEs: 34EXPL: 0CVE-2022-32609
https://notcve.org/view.php?id=CVE-2022-32609
08 Nov 2022 — In vcu, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07203410; Issue ID: ALPS07203410. En vcu, existe un posible use-after-free debido a una condición de ejecución. • https://corp.mediatek.com/product-security-bulletin/November-2022 • CWE-662: Improper Synchronization •
CVSS: 7.8EPSS: 0%CPEs: 43EXPL: 0CVE-2022-32601
https://notcve.org/view.php?id=CVE-2022-32601
08 Nov 2022 — In telephony, there is a possible permission bypass due to a parcel format mismatch. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07319132; Issue ID: ALPS07319132. En telefonía, existe una posible omisión de permiso debido a una discrepancia en el formato del paquete. • https://corp.mediatek.com/product-security-bulletin/November-2022 • CWE-502: Deserialization of Untrusted Data •
CVSS: 6.7EPSS: 0%CPEs: 4EXPL: 0CVE-2022-32616
https://notcve.org/view.php?id=CVE-2022-32616
08 Nov 2022 — In isp, there is a possible out of bounds write due to uninitialized data. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07341258; Issue ID: ALPS07341258. En isp, existe una posible escritura fuera de límites debido a datos no inicializados. • https://corp.mediatek.com/product-security-bulletin/November-2022 • CWE-908: Use of Uninitialized Resource •
CVSS: 7.2EPSS: 0%CPEs: 8EXPL: 0CVE-2022-32617
https://notcve.org/view.php?id=CVE-2022-32617
08 Nov 2022 — In typec, there is a possible out of bounds write due to an incorrect calculation of buffer size. This could lead to local escalation of privilege, for an attacker who has physical access to the device, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07262364; Issue ID: ALPS07262364. En Typec, existe una posible escritura fuera de límites debido a un cálculo incorrecto del tamaño del búfer. • https://corp.mediatek.com/product-security-bulletin/November-2022 • CWE-131: Incorrect Calculation of Buffer Size •
CVSS: 6.7EPSS: 0%CPEs: 50EXPL: 0CVE-2022-32607
https://notcve.org/view.php?id=CVE-2022-32607
08 Nov 2022 — In aee, there is a possible use after free due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07202891; Issue ID: ALPS07202891. En aee, existe un posible use-after-free debido a la falta de verificación de límites. • https://corp.mediatek.com/product-security-bulletin/November-2022 • CWE-416: Use After Free •
CVSS: 6.4EPSS: 0%CPEs: 35EXPL: 0CVE-2022-32612
https://notcve.org/view.php?id=CVE-2022-32612
08 Nov 2022 — In vcu, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07203500; Issue ID: ALPS07203500. En vcu, existe un posible use-after-free debido a una condición de ejecución. • https://corp.mediatek.com/product-security-bulletin/November-2022 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 6.4EPSS: 0%CPEs: 35EXPL: 0CVE-2022-32613
https://notcve.org/view.php?id=CVE-2022-32613
08 Nov 2022 — In vcu, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07206340; Issue ID: ALPS07206340. En vcu, existe una posible corrupción de la memoria debido a una condición de ejecución. • https://corp.mediatek.com/product-security-bulletin/November-2022 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •