Vulnerability Description
In Wi-Fi driver, there is a possible undefined behavior due to incorrect error handling. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220705066; Issue ID: GN20220705066.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mediatek | Mt7603 Firmware | 7.6.6.0 |
| Thelinuxfoundation | Yocto | 3.1 |
| Mediatek | Mt7603 | - |
| Mediatek | Mt7613 Firmware | 7.6.6.0 |
| Mediatek | Mt7613 | - |
| Mediatek | Mt7615 Firmware | 7.6.6.0 |
| Mediatek | Mt7615 | - |
| Mediatek | Mt7622 Firmware | 7.6.6.0 |
| Mediatek | Mt7622 | - |
| Mediatek | Mt7628 Firmware | 7.6.6.0 |
| Mediatek | Mt7628 | - |
| Mediatek | Mt7629 Firmware | 7.6.6.0 |
| Mediatek | Mt7629 | - |
| Mediatek | Mt7915 Firmware | 7.6.6.0 |
| Mediatek | Mt7915 | - |
| Mediatek | Mt7916 Firmware | 7.6.6.0 |
| Mediatek | Mt7916 | - |
| Mediatek | Mt7981 Firmware | 7.6.6.0 |
| Mediatek | Mt7981 | - |
| Mediatek | Mt7986 Firmware | 7.6.6.0 |
Related Weaknesses (CWE)
References
- https://corp.mediatek.com/product-security-bulletin/January-2023Vendor Advisory
- https://corp.mediatek.com/product-security-bulletin/January-2023Vendor Advisory
FAQ
What is CVE-2022-32659?
CVE-2022-32659 is a vulnerability with a CVSS score of 6.7 (MEDIUM). In Wi-Fi driver, there is a possible undefined behavior due to incorrect error handling. This could lead to local escalation of privilege with System execution privileges needed. User interaction is n...
How severe is CVE-2022-32659?
CVE-2022-32659 has been rated MEDIUM with a CVSS base score of 6.7/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-32659?
Check the references section above for vendor advisories and patch information. Affected products include: Mediatek Mt7603 Firmware, Thelinuxfoundation Yocto, Mediatek Mt7603, Mediatek Mt7613 Firmware, Mediatek Mt7613.