Vulnerability Description
In ion, there is a possible use after free due to improper update of reference count. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06399915; Issue ID: ALPS06399915.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Android | 9.0 | |
| Mediatek | Mt6580 | - |
| Mediatek | Mt6735 | - |
| Mediatek | Mt6737 | - |
| Mediatek | Mt6739 | - |
| Mediatek | Mt6750 | - |
| Mediatek | Mt6750S | - |
| Mediatek | Mt6753 | - |
| Mediatek | Mt6757 | - |
| Mediatek | Mt6757C | - |
| Mediatek | Mt6757Cd | - |
| Mediatek | Mt6757Ch | - |
| Mediatek | Mt6761 | - |
| Mediatek | Mt6762 | - |
| Mediatek | Mt6763 | - |
| Mediatek | Mt6765 | - |
| Mediatek | Mt6768 | - |
| Mediatek | Mt6769 | - |
| Mediatek | Mt6771 | - |
| Mediatek | Mt6779 | - |
References
- https://corp.mediatek.com/product-security-bulletin/May-2022Vendor Advisory
- https://corp.mediatek.com/product-security-bulletin/May-2022Vendor Advisory
FAQ
What is CVE-2022-20109?
CVE-2022-20109 is a vulnerability with a CVSS score of 7.8 (HIGH). In ion, there is a possible use after free due to improper update of reference count. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction ...
How severe is CVE-2022-20109?
CVE-2022-20109 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-20109?
Check the references section above for vendor advisories and patch information. Affected products include: Google Android, Mediatek Mt6580, Mediatek Mt6735, Mediatek Mt6737, Mediatek Mt6739.