CVE-2022-26430
6.7
Vector
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Exploitability: 0.8 / Impact: 5.9
Source: NVD
Description
In mailbox, there is a possible out of bounds write due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07032521; Issue ID: ALPS07032521.
Affected (4)
Products: Google: Android · Yoctoproject: Yocto
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Version 11.0 | |
| Version 3.1 |
| Running on/with | Platform Versions |
|---|---|
Mediatek Mt6833 | All versions |
Mediatek Mt6853 | All versions |
Mediatek Mt6873 | All versions |
Mediatek Mt6877 | All versions |
Mediatek Mt6879 | All versions |
Mediatek Mt6885 | All versions |
Mediatek Mt6893 | All versions |
Mediatek Mt6895 | All versions |
Mediatek Mt6983 | All versions |
Mediatek Mt8185 | All versions |
Mediatek Mt8321 | All versions |
Mediatek Mt8385 | All versions |
Mediatek Mt8532 | All versions |
Mediatek Mt8666 | All versions |
Mediatek Mt8675 | All versions |
Mediatek Mt8765 | All versions |
Mediatek Mt8766 | All versions |
Mediatek Mt8768 | All versions |
Mediatek Mt8786 | All versions |
Mediatek Mt8788 | All versions |
Mediatek Mt8789 | All versions |
Mediatek Mt8791 | All versions |
Mediatek Mt8797 | All versions |
Related CWEs
CWE-787
Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.
CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
The product allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type.
References (2)
Source: security@mediatek.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Timeline
No history available yet.