Vulnerability Description
In preloader (usb), there is a possible out of bounds write due to a integer underflow. This could lead to local escalation of privilege, for an attacker who has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS06160841; Issue ID: ALPS06160841.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Android | 10.0 | |
| Mediatek | Mt2601 | - |
| Mediatek | Mt6580 | - |
| Mediatek | Mt6735 | - |
| Mediatek | Mt6739 | - |
| Mediatek | Mt6761 | - |
| Mediatek | Mt6763 | - |
| Mediatek | Mt6765 | - |
| Mediatek | Mt6768 | - |
| Mediatek | Mt6771 | - |
| Mediatek | Mt6779 | - |
| Mediatek | Mt6781 | - |
| Mediatek | Mt6785 | - |
| Mediatek | Mt6799 | - |
| Mediatek | Mt6833 | - |
| Mediatek | Mt6873 | - |
| Mediatek | Mt6877 | - |
| Mediatek | Mt6885 | - |
| Mediatek | Mt6893 | - |
| Mediatek | Mt8163 | - |
Related Weaknesses (CWE)
References
- https://corp.mediatek.com/product-security-bulletin/April-2022Vendor Advisory
- https://corp.mediatek.com/product-security-bulletin/April-2022Vendor Advisory
FAQ
What is CVE-2022-20073?
CVE-2022-20073 is a vulnerability with a CVSS score of 6.6 (MEDIUM). In preloader (usb), there is a possible out of bounds write due to a integer underflow. This could lead to local escalation of privilege, for an attacker who has physical access to the device, with no...
How severe is CVE-2022-20073?
CVE-2022-20073 has been rated MEDIUM with a CVSS base score of 6.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-20073?
Check the references section above for vendor advisories and patch information. Affected products include: Google Android, Mediatek Mt2601, Mediatek Mt6580, Mediatek Mt6735, Mediatek Mt6739.