CVE-2022-20017
https://notcve.org/view.php?id=CVE-2022-20017
In ion driver, there is a possible information disclosure due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05862991; Issue ID: ALPS05862991. En ion driver, se presenta una posible divulgación de información debido a una comprobación de límites incorrecta. • https://corp.mediatek.com/product-security-bulletin/February-2022 • CWE-20: Improper Input Validation •
CVE-2022-20029
https://notcve.org/view.php?id=CVE-2022-20029
In cmdq driver, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05747150; Issue ID: ALPS05747150. En cmdq driver, se presenta una posible lectura fuera de límites debido a una comprobación de límites incorrecta. • https://corp.mediatek.com/product-security-bulletin/February-2022 • CWE-125: Out-of-bounds Read •
CVE-2022-20024
https://notcve.org/view.php?id=CVE-2022-20024
In system service, there is a possible permission bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06219064; Issue ID: ALPS06219064. En system service, se presenta una posible omisión de permisos debido a una falta de comprobación de permisos. • https://corp.mediatek.com/product-security-bulletin/February-2022 • CWE-862: Missing Authorization •
CVE-2022-20023
https://notcve.org/view.php?id=CVE-2022-20023
In Bluetooth, there is a possible application crash due to bluetooth flooding a device with LMP_AU_rand packet. This could lead to remote denial of service of bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06198608; Issue ID: ALPS06198608. En Bluetooth, se presenta un posible bloqueo de la aplicación debido a que bluetooth inunda un dispositivo con el paquete LMP_AU_rand. • https://corp.mediatek.com/product-security-bulletin/January-2022 • CWE-772: Missing Release of Resource after Effective Lifetime •
CVE-2022-20020
https://notcve.org/view.php?id=CVE-2022-20020
In libvcodecdrv, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05943906; Issue ID: ALPS05943906. En libvcodecdrv, se presenta una posible divulgación de información debido a una falta de comprobación de límites. • https://corp.mediatek.com/product-security-bulletin/January-2022 • CWE-20: Improper Input Validation •