Vulnerability Description
In wifi driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220420088; Issue ID: GN20220420088.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mediatek | Mt7603 Firmware | 7.6.2.3 |
| Mediatek | Mt7603 | - |
| Mediatek | Mt7610 Firmware | 7.6.2.3 |
| Mediatek | Mt7610 | - |
| Mediatek | Mt7612 Firmware | 7.6.2.3 |
| Mediatek | Mt7612 | - |
| Mediatek | Mt7613 Firmware | 7.6.2.3 |
| Mediatek | Mt7613 | - |
| Mediatek | Mt7615 Firmware | 7.6.2.3 |
| Mediatek | Mt7615 | - |
| Mediatek | Mt7620 Firmware | 7.6.2.3 |
| Mediatek | Mt7620 | - |
| Mediatek | Mt7622 Firmware | 7.6.2.3 |
| Mediatek | Mt7622 | - |
| Mediatek | Mt7628 Firmware | 7.6.2.3 |
| Mediatek | Mt7628 | - |
| Mediatek | Mt7629 Firmware | 7.6.2.3 |
| Mediatek | Mt7629 | - |
| Mediatek | Mt7915 Firmware | 7.6.2.3 |
| Mediatek | Mt7915 | - |
Related Weaknesses (CWE)
References
- https://corp.mediatek.com/product-security-bulletin/August-2022Vendor Advisory
- https://corp.mediatek.com/product-security-bulletin/August-2022Vendor Advisory
FAQ
What is CVE-2022-26445?
CVE-2022-26445 is a vulnerability with a CVSS score of 6.7 (MEDIUM). In wifi driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not...
How severe is CVE-2022-26445?
CVE-2022-26445 has been rated MEDIUM with a CVSS base score of 6.7/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-26445?
Check the references section above for vendor advisories and patch information. Affected products include: Mediatek Mt7603 Firmware, Mediatek Mt7603, Mediatek Mt7610 Firmware, Mediatek Mt7610, Mediatek Mt7612 Firmware.