Search

Find a vulnerability

Search criteria

    12 vulnerabilities found for mt8365_firmware by mediatek

    CVE-2026-20451 (GCVE-0-2026-20451)

    Vulnerability from nvd – Published: 2026-05-04 05:42 – Updated: 2026-05-05 03:56
    VLAI
    Summary
    In slbc, there is a possible out of bounds write due to type confusion. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10828685; Issue ID: MSV-6504.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion')
    Assigner
    Impacted products
    Vendor Product Version
    MediaTek, Inc. MediaTek chipset Affected: MT2718
    Affected: MT6899
    Affected: MT6985
    Affected: MT6989
    Affected: MT6991
    Affected: MT8115
    Affected: MT8186
    Affected: MT8188
    Affected: MT8196
    Affected: MT8365
    Affected: MT8367
    Affected: MT8370
    Affected: MT8371
    Affected: MT8390
    Affected: MT8391
    Affected: MT8395
    Affected: MT8676
    Affected: MT8678
    Affected: MT8766
    Affected: MT8768
    Affected: MT8775
    Affected: MT8781
    Affected: MT8786
    Affected: MT8788E
    Affected: MT8791T
    Affected: MT8792
    Affected: MT8793
    Affected: MT8796
    Affected: MT8873
    Affected: MT8883
    Affected: MT8893
    Affected: MT8910
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 6.7,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "HIGH",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-20451",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-04T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-05T03:56:05.990Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "MediaTek chipset",
              "vendor": "MediaTek, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "MT2718"
                },
                {
                  "status": "affected",
                  "version": "MT6899"
                },
                {
                  "status": "affected",
                  "version": "MT6985"
                },
                {
                  "status": "affected",
                  "version": "MT6989"
                },
                {
                  "status": "affected",
                  "version": "MT6991"
                },
                {
                  "status": "affected",
                  "version": "MT8115"
                },
                {
                  "status": "affected",
                  "version": "MT8186"
                },
                {
                  "status": "affected",
                  "version": "MT8188"
                },
                {
                  "status": "affected",
                  "version": "MT8196"
                },
                {
                  "status": "affected",
                  "version": "MT8365"
                },
                {
                  "status": "affected",
                  "version": "MT8367"
                },
                {
                  "status": "affected",
                  "version": "MT8370"
                },
                {
                  "status": "affected",
                  "version": "MT8371"
                },
                {
                  "status": "affected",
                  "version": "MT8390"
                },
                {
                  "status": "affected",
                  "version": "MT8391"
                },
                {
                  "status": "affected",
                  "version": "MT8395"
                },
                {
                  "status": "affected",
                  "version": "MT8676"
                },
                {
                  "status": "affected",
                  "version": "MT8678"
                },
                {
                  "status": "affected",
                  "version": "MT8766"
                },
                {
                  "status": "affected",
                  "version": "MT8768"
                },
                {
                  "status": "affected",
                  "version": "MT8775"
                },
                {
                  "status": "affected",
                  "version": "MT8781"
                },
                {
                  "status": "affected",
                  "version": "MT8786"
                },
                {
                  "status": "affected",
                  "version": "MT8788E"
                },
                {
                  "status": "affected",
                  "version": "MT8791T"
                },
                {
                  "status": "affected",
                  "version": "MT8792"
                },
                {
                  "status": "affected",
                  "version": "MT8793"
                },
                {
                  "status": "affected",
                  "version": "MT8796"
                },
                {
                  "status": "affected",
                  "version": "MT8873"
                },
                {
                  "status": "affected",
                  "version": "MT8883"
                },
                {
                  "status": "affected",
                  "version": "MT8893"
                },
                {
                  "status": "affected",
                  "version": "MT8910"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In slbc, there is a possible out of bounds write due to type confusion. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10828685; Issue ID: MSV-6504."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-843",
                  "description": "CWE-843 Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-04T05:42:29.660Z",
            "orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
            "shortName": "MediaTek"
          },
          "references": [
            {
              "url": "https://corp.mediatek.com/product-security-bulletin/May-2026"
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
        "assignerShortName": "MediaTek",
        "cveId": "CVE-2026-20451",
        "datePublished": "2026-05-04T05:42:29.660Z",
        "dateReserved": "2025-11-03T01:30:59.013Z",
        "dateUpdated": "2026-05-05T03:56:05.990Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2022-32666 (GCVE-0-2022-32666)

    Vulnerability from nvd – Published: 2023-07-04 01:44 – Updated: 2024-12-04 16:26
    VLAI
    Summary
    In Wi-Fi, there is a possible low throughput due to misrepresentation of critical information. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220829014; Issue ID: GN20220829014.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Denial of Service
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T07:46:44.957Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://corp.mediatek.com/product-security-bulletin/July-2023"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-32666",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-04T16:26:43.420231Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-04T16:26:54.136Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "MT7603, MT7613, MT7615, MT7622, MT7628, MT7629, MT7915, MT7916, MT7981, MT7986, MT8365",
              "vendor": "MediaTek, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.6.6.0 / IOT-v23.0 (Yocto 4.0)"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In Wi-Fi, there is a possible low throughput due to misrepresentation of critical information. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220829014; Issue ID: GN20220829014."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Denial of Service",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-07-04T01:44:59.030Z",
            "orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
            "shortName": "MediaTek"
          },
          "references": [
            {
              "url": "https://corp.mediatek.com/product-security-bulletin/July-2023"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
        "assignerShortName": "MediaTek",
        "cveId": "CVE-2022-32666",
        "datePublished": "2023-07-04T01:44:59.030Z",
        "dateReserved": "2022-06-09T07:04:43.361Z",
        "dateUpdated": "2024-12-04T16:26:54.136Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-32663 (GCVE-0-2022-32663)

    Vulnerability from nvd – Published: 2023-02-06 00:00 – Updated: 2025-03-26 14:33
    VLAI
    Summary
    In Wi-Fi driver, there is a possible system crash due to null pointer dereference. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220720014; Issue ID: GN20220720014.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Denial of Service
    • CWE-476 - NULL Pointer Dereference
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T07:46:44.927Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://corp.mediatek.com/product-security-bulletin/February-2023"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-32663",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-26T14:24:05.293411Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-476",
                    "description": "CWE-476 NULL Pointer Dereference",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-26T14:33:54.468Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "MT5221, MT7603, MT7613, MT7615, MT7622, MT7628, MT7629, MT7668, MT7902, MT7915, MT7916, MT7921, MT7981, MT7986, MT8167S, MT8175, MT8362A, MT8365, MT8385, MT8518S, MT8532, MT8788",
              "vendor": "MediaTek, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.6.6.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In Wi-Fi driver, there is a possible system crash due to null pointer dereference. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220720014; Issue ID: GN20220720014."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Denial of Service",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-02-06T00:00:00.000Z",
            "orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
            "shortName": "MediaTek"
          },
          "references": [
            {
              "url": "https://corp.mediatek.com/product-security-bulletin/February-2023"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
        "assignerShortName": "MediaTek",
        "cveId": "CVE-2022-32663",
        "datePublished": "2023-02-06T00:00:00.000Z",
        "dateReserved": "2022-06-09T00:00:00.000Z",
        "dateUpdated": "2025-03-26T14:33:54.468Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-32656 (GCVE-0-2022-32656)

    Vulnerability from nvd – Published: 2023-02-06 00:00 – Updated: 2025-03-26 19:56
    VLAI
    Summary
    In Wi-Fi driver, there is a possible undefined behavior due to incorrect error handling. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220705035; Issue ID: GN20220705035.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T07:46:45.240Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://corp.mediatek.com/product-security-bulletin/February-2023"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 6.7,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "HIGH",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-32656",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-26T19:56:48.844834Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "description": "CWE-noinfo Not enough information",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-26T19:56:53.312Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "MT5221, MT7603, MT7613, MT7615, MT7622, MT7628, MT7629, MT7663, MT7668, MT7682, MT7686, MT7687, MT7697, MT7902, MT7915, MT7916, MT7921, MT7933, MT7981, MT7986, MT8167S, MT8175, MT8362A, MT8365, MT8385, MT8518S, MT8532, MT8695, MT8696, MT8788",
              "vendor": "MediaTek, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.6.6.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In Wi-Fi driver, there is a possible undefined behavior due to incorrect error handling. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220705035; Issue ID: GN20220705035."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Elevation of Privilege",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-02-06T00:00:00.000Z",
            "orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
            "shortName": "MediaTek"
          },
          "references": [
            {
              "url": "https://corp.mediatek.com/product-security-bulletin/February-2023"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
        "assignerShortName": "MediaTek",
        "cveId": "CVE-2022-32656",
        "datePublished": "2023-02-06T00:00:00.000Z",
        "dateReserved": "2022-06-09T00:00:00.000Z",
        "dateUpdated": "2025-03-26T19:56:53.312Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-32655 (GCVE-0-2022-32655)

    Vulnerability from nvd – Published: 2023-02-06 00:00 – Updated: 2025-03-26 20:04
    VLAI
    Summary
    In Wi-Fi driver, there is a possible undefined behavior due to incorrect error handling. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220705028; Issue ID: GN20220705028.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Elevation of Privilege
    • CWE-755 - Improper Handling of Exceptional Conditions
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T07:46:45.130Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://corp.mediatek.com/product-security-bulletin/February-2023"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 6.7,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "HIGH",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-32655",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-26T20:04:24.420554Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-755",
                    "description": "CWE-755 Improper Handling of Exceptional Conditions",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-26T20:04:32.709Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "MT5221, MT7603, MT7613, MT7615, MT7622, MT7628, MT7629, MT7663, MT7668, MT7682, MT7686, MT7687, MT7697, MT7902, MT7915, MT7916, MT7921, MT7933, MT7981, MT7986, MT8167S, MT8175, MT8362A, MT8365, MT8385, MT8518S, MT8532, MT8695, MT8696, MT8788",
              "vendor": "MediaTek, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.6.6.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In Wi-Fi driver, there is a possible undefined behavior due to incorrect error handling. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220705028; Issue ID: GN20220705028."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Elevation of Privilege",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-02-06T00:00:00.000Z",
            "orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
            "shortName": "MediaTek"
          },
          "references": [
            {
              "url": "https://corp.mediatek.com/product-security-bulletin/February-2023"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
        "assignerShortName": "MediaTek",
        "cveId": "CVE-2022-32655",
        "datePublished": "2023-02-06T00:00:00.000Z",
        "dateReserved": "2022-06-09T00:00:00.000Z",
        "dateUpdated": "2025-03-26T20:04:32.709Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-32654 (GCVE-0-2022-32654)

    Vulnerability from nvd – Published: 2023-02-06 00:00 – Updated: 2025-03-26 20:05
    VLAI
    Summary
    In Wi-Fi driver, there is a possible undefined behavior due to incorrect error handling. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220705011; Issue ID: GN20220705011.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T07:46:44.958Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://corp.mediatek.com/product-security-bulletin/February-2023"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 6.7,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "HIGH",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-32654",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-26T20:05:17.578107Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "description": "CWE-noinfo Not enough information",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-26T20:05:56.602Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "MT5221, MT7603, MT7613, MT7615, MT7622, MT7628, MT7629, MT7663, MT7668, MT7682, MT7686, MT7687, MT7697, MT7902, MT7915, MT7916, MT7921, MT7933, MT7981, MT7986, MT8167S, MT8175, MT8362A, MT8365, MT8385, MT8518S, MT8532, MT8695, MT8696, MT8788",
              "vendor": "MediaTek, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.6.6.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In Wi-Fi driver, there is a possible undefined behavior due to incorrect error handling. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220705011; Issue ID: GN20220705011."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Elevation of Privilege",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-02-06T00:00:00.000Z",
            "orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
            "shortName": "MediaTek"
          },
          "references": [
            {
              "url": "https://corp.mediatek.com/product-security-bulletin/February-2023"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
        "assignerShortName": "MediaTek",
        "cveId": "CVE-2022-32654",
        "datePublished": "2023-02-06T00:00:00.000Z",
        "dateReserved": "2022-06-09T00:00:00.000Z",
        "dateUpdated": "2025-03-26T20:05:56.602Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2026-20451 (GCVE-0-2026-20451)

    Vulnerability from cvelistv5 – Published: 2026-05-04 05:42 – Updated: 2026-05-05 03:56
    VLAI
    Summary
    In slbc, there is a possible out of bounds write due to type confusion. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10828685; Issue ID: MSV-6504.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion')
    Assigner
    Impacted products
    Vendor Product Version
    MediaTek, Inc. MediaTek chipset Affected: MT2718
    Affected: MT6899
    Affected: MT6985
    Affected: MT6989
    Affected: MT6991
    Affected: MT8115
    Affected: MT8186
    Affected: MT8188
    Affected: MT8196
    Affected: MT8365
    Affected: MT8367
    Affected: MT8370
    Affected: MT8371
    Affected: MT8390
    Affected: MT8391
    Affected: MT8395
    Affected: MT8676
    Affected: MT8678
    Affected: MT8766
    Affected: MT8768
    Affected: MT8775
    Affected: MT8781
    Affected: MT8786
    Affected: MT8788E
    Affected: MT8791T
    Affected: MT8792
    Affected: MT8793
    Affected: MT8796
    Affected: MT8873
    Affected: MT8883
    Affected: MT8893
    Affected: MT8910
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 6.7,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "HIGH",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-20451",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-04T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-05T03:56:05.990Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "MediaTek chipset",
              "vendor": "MediaTek, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "MT2718"
                },
                {
                  "status": "affected",
                  "version": "MT6899"
                },
                {
                  "status": "affected",
                  "version": "MT6985"
                },
                {
                  "status": "affected",
                  "version": "MT6989"
                },
                {
                  "status": "affected",
                  "version": "MT6991"
                },
                {
                  "status": "affected",
                  "version": "MT8115"
                },
                {
                  "status": "affected",
                  "version": "MT8186"
                },
                {
                  "status": "affected",
                  "version": "MT8188"
                },
                {
                  "status": "affected",
                  "version": "MT8196"
                },
                {
                  "status": "affected",
                  "version": "MT8365"
                },
                {
                  "status": "affected",
                  "version": "MT8367"
                },
                {
                  "status": "affected",
                  "version": "MT8370"
                },
                {
                  "status": "affected",
                  "version": "MT8371"
                },
                {
                  "status": "affected",
                  "version": "MT8390"
                },
                {
                  "status": "affected",
                  "version": "MT8391"
                },
                {
                  "status": "affected",
                  "version": "MT8395"
                },
                {
                  "status": "affected",
                  "version": "MT8676"
                },
                {
                  "status": "affected",
                  "version": "MT8678"
                },
                {
                  "status": "affected",
                  "version": "MT8766"
                },
                {
                  "status": "affected",
                  "version": "MT8768"
                },
                {
                  "status": "affected",
                  "version": "MT8775"
                },
                {
                  "status": "affected",
                  "version": "MT8781"
                },
                {
                  "status": "affected",
                  "version": "MT8786"
                },
                {
                  "status": "affected",
                  "version": "MT8788E"
                },
                {
                  "status": "affected",
                  "version": "MT8791T"
                },
                {
                  "status": "affected",
                  "version": "MT8792"
                },
                {
                  "status": "affected",
                  "version": "MT8793"
                },
                {
                  "status": "affected",
                  "version": "MT8796"
                },
                {
                  "status": "affected",
                  "version": "MT8873"
                },
                {
                  "status": "affected",
                  "version": "MT8883"
                },
                {
                  "status": "affected",
                  "version": "MT8893"
                },
                {
                  "status": "affected",
                  "version": "MT8910"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In slbc, there is a possible out of bounds write due to type confusion. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10828685; Issue ID: MSV-6504."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-843",
                  "description": "CWE-843 Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-04T05:42:29.660Z",
            "orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
            "shortName": "MediaTek"
          },
          "references": [
            {
              "url": "https://corp.mediatek.com/product-security-bulletin/May-2026"
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
        "assignerShortName": "MediaTek",
        "cveId": "CVE-2026-20451",
        "datePublished": "2026-05-04T05:42:29.660Z",
        "dateReserved": "2025-11-03T01:30:59.013Z",
        "dateUpdated": "2026-05-05T03:56:05.990Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2022-32666 (GCVE-0-2022-32666)

    Vulnerability from cvelistv5 – Published: 2023-07-04 01:44 – Updated: 2024-12-04 16:26
    VLAI
    Summary
    In Wi-Fi, there is a possible low throughput due to misrepresentation of critical information. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220829014; Issue ID: GN20220829014.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Denial of Service
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T07:46:44.957Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://corp.mediatek.com/product-security-bulletin/July-2023"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-32666",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-04T16:26:43.420231Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-04T16:26:54.136Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "MT7603, MT7613, MT7615, MT7622, MT7628, MT7629, MT7915, MT7916, MT7981, MT7986, MT8365",
              "vendor": "MediaTek, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.6.6.0 / IOT-v23.0 (Yocto 4.0)"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In Wi-Fi, there is a possible low throughput due to misrepresentation of critical information. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220829014; Issue ID: GN20220829014."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Denial of Service",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-07-04T01:44:59.030Z",
            "orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
            "shortName": "MediaTek"
          },
          "references": [
            {
              "url": "https://corp.mediatek.com/product-security-bulletin/July-2023"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
        "assignerShortName": "MediaTek",
        "cveId": "CVE-2022-32666",
        "datePublished": "2023-07-04T01:44:59.030Z",
        "dateReserved": "2022-06-09T07:04:43.361Z",
        "dateUpdated": "2024-12-04T16:26:54.136Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-32654 (GCVE-0-2022-32654)

    Vulnerability from cvelistv5 – Published: 2023-02-06 00:00 – Updated: 2025-03-26 20:05
    VLAI
    Summary
    In Wi-Fi driver, there is a possible undefined behavior due to incorrect error handling. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220705011; Issue ID: GN20220705011.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T07:46:44.958Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://corp.mediatek.com/product-security-bulletin/February-2023"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 6.7,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "HIGH",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-32654",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-26T20:05:17.578107Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "description": "CWE-noinfo Not enough information",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-26T20:05:56.602Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "MT5221, MT7603, MT7613, MT7615, MT7622, MT7628, MT7629, MT7663, MT7668, MT7682, MT7686, MT7687, MT7697, MT7902, MT7915, MT7916, MT7921, MT7933, MT7981, MT7986, MT8167S, MT8175, MT8362A, MT8365, MT8385, MT8518S, MT8532, MT8695, MT8696, MT8788",
              "vendor": "MediaTek, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.6.6.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In Wi-Fi driver, there is a possible undefined behavior due to incorrect error handling. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220705011; Issue ID: GN20220705011."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Elevation of Privilege",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-02-06T00:00:00.000Z",
            "orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
            "shortName": "MediaTek"
          },
          "references": [
            {
              "url": "https://corp.mediatek.com/product-security-bulletin/February-2023"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
        "assignerShortName": "MediaTek",
        "cveId": "CVE-2022-32654",
        "datePublished": "2023-02-06T00:00:00.000Z",
        "dateReserved": "2022-06-09T00:00:00.000Z",
        "dateUpdated": "2025-03-26T20:05:56.602Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-32655 (GCVE-0-2022-32655)

    Vulnerability from cvelistv5 – Published: 2023-02-06 00:00 – Updated: 2025-03-26 20:04
    VLAI
    Summary
    In Wi-Fi driver, there is a possible undefined behavior due to incorrect error handling. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220705028; Issue ID: GN20220705028.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Elevation of Privilege
    • CWE-755 - Improper Handling of Exceptional Conditions
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T07:46:45.130Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://corp.mediatek.com/product-security-bulletin/February-2023"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 6.7,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "HIGH",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-32655",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-26T20:04:24.420554Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-755",
                    "description": "CWE-755 Improper Handling of Exceptional Conditions",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-26T20:04:32.709Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "MT5221, MT7603, MT7613, MT7615, MT7622, MT7628, MT7629, MT7663, MT7668, MT7682, MT7686, MT7687, MT7697, MT7902, MT7915, MT7916, MT7921, MT7933, MT7981, MT7986, MT8167S, MT8175, MT8362A, MT8365, MT8385, MT8518S, MT8532, MT8695, MT8696, MT8788",
              "vendor": "MediaTek, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.6.6.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In Wi-Fi driver, there is a possible undefined behavior due to incorrect error handling. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220705028; Issue ID: GN20220705028."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Elevation of Privilege",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-02-06T00:00:00.000Z",
            "orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
            "shortName": "MediaTek"
          },
          "references": [
            {
              "url": "https://corp.mediatek.com/product-security-bulletin/February-2023"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
        "assignerShortName": "MediaTek",
        "cveId": "CVE-2022-32655",
        "datePublished": "2023-02-06T00:00:00.000Z",
        "dateReserved": "2022-06-09T00:00:00.000Z",
        "dateUpdated": "2025-03-26T20:04:32.709Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-32656 (GCVE-0-2022-32656)

    Vulnerability from cvelistv5 – Published: 2023-02-06 00:00 – Updated: 2025-03-26 19:56
    VLAI
    Summary
    In Wi-Fi driver, there is a possible undefined behavior due to incorrect error handling. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220705035; Issue ID: GN20220705035.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T07:46:45.240Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://corp.mediatek.com/product-security-bulletin/February-2023"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 6.7,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "HIGH",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-32656",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-26T19:56:48.844834Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "description": "CWE-noinfo Not enough information",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-26T19:56:53.312Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "MT5221, MT7603, MT7613, MT7615, MT7622, MT7628, MT7629, MT7663, MT7668, MT7682, MT7686, MT7687, MT7697, MT7902, MT7915, MT7916, MT7921, MT7933, MT7981, MT7986, MT8167S, MT8175, MT8362A, MT8365, MT8385, MT8518S, MT8532, MT8695, MT8696, MT8788",
              "vendor": "MediaTek, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.6.6.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In Wi-Fi driver, there is a possible undefined behavior due to incorrect error handling. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220705035; Issue ID: GN20220705035."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Elevation of Privilege",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-02-06T00:00:00.000Z",
            "orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
            "shortName": "MediaTek"
          },
          "references": [
            {
              "url": "https://corp.mediatek.com/product-security-bulletin/February-2023"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
        "assignerShortName": "MediaTek",
        "cveId": "CVE-2022-32656",
        "datePublished": "2023-02-06T00:00:00.000Z",
        "dateReserved": "2022-06-09T00:00:00.000Z",
        "dateUpdated": "2025-03-26T19:56:53.312Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-32663 (GCVE-0-2022-32663)

    Vulnerability from cvelistv5 – Published: 2023-02-06 00:00 – Updated: 2025-03-26 14:33
    VLAI
    Summary
    In Wi-Fi driver, there is a possible system crash due to null pointer dereference. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220720014; Issue ID: GN20220720014.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Denial of Service
    • CWE-476 - NULL Pointer Dereference
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T07:46:44.927Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://corp.mediatek.com/product-security-bulletin/February-2023"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-32663",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-26T14:24:05.293411Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-476",
                    "description": "CWE-476 NULL Pointer Dereference",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-26T14:33:54.468Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "MT5221, MT7603, MT7613, MT7615, MT7622, MT7628, MT7629, MT7668, MT7902, MT7915, MT7916, MT7921, MT7981, MT7986, MT8167S, MT8175, MT8362A, MT8365, MT8385, MT8518S, MT8532, MT8788",
              "vendor": "MediaTek, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.6.6.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In Wi-Fi driver, there is a possible system crash due to null pointer dereference. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220720014; Issue ID: GN20220720014."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Denial of Service",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-02-06T00:00:00.000Z",
            "orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
            "shortName": "MediaTek"
          },
          "references": [
            {
              "url": "https://corp.mediatek.com/product-security-bulletin/February-2023"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
        "assignerShortName": "MediaTek",
        "cveId": "CVE-2022-32663",
        "datePublished": "2023-02-06T00:00:00.000Z",
        "dateReserved": "2022-06-09T00:00:00.000Z",
        "dateUpdated": "2025-03-26T14:33:54.468Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }