What is the severity of CVE-2022-20020?

CVE-2022-20020 is classified as a high severity vulnerability that allows for local information disclosure.

How do I fix CVE-2022-20020?

To fix CVE-2022-20020, apply the security patch identified as ALPS05943906.

Who is affected by CVE-2022-20020?

CVE-2022-20020 affects devices running Google Android version 11.0 with certain MediaTek chipsets.

Can CVE-2022-20020 be exploited remotely?

No, CVE-2022-20020 requires local access to the vulnerable device for exploitation.

What could be compromised due to CVE-2022-20020?

CVE-2022-20020 could lead to the local disclosure of sensitive information from affected devices.

Vulnerability/
CVE-2022-20020

medium

5.5

CWE

4/1/2022

21/11/2024

CVE-2022-20020: Input Validation

First published: Tue Jan 04 2022(Updated: )

In libvcodecdrv, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05943906; Issue ID: ALPS05943906.

Credit: security@mediatek.com

Affected Software	Affected Version	How to fix
All of
Google Android	=11.0
Any of
MediaTek MT6739
MediaTek MT6768
MediaTek MT6779
MediaTek MT6781
MediaTek MT6785T
MediaTek MT6833
MediaTek MT6853
MediaTek MT6873
MediaTek MT6877
MediaTek MT6885
MediaTek MT6893
Mediatek MT8167
MediaTek MT8168
MediaTek MT8173
MediaTek MT8185
MediaTek MT8321
MediaTek MT8362A Firmware
MediaTek MT8365 Firmware
MediaTek MT8385 Firmware
MediaTek MT8765
MediaTek MT8766Z
MediaTek MT8768
mediatek mt8786
MediaTek MT8788 Firmware
MediaTek MT8789
MediaTek MT8791 WiFi
MediaTek MT8797
Google Android	=11.0
MediaTek MT6739
MediaTek MT6768
MediaTek MT6779
MediaTek MT6781
MediaTek MT6785T
MediaTek MT6833
MediaTek MT6853
MediaTek MT6873
MediaTek MT6877
MediaTek MT6885
MediaTek MT6893
Mediatek MT8167
MediaTek MT8168
MediaTek MT8173
MediaTek MT8185
MediaTek MT8321
MediaTek MT8362A Firmware
MediaTek MT8365 Firmware
MediaTek MT8385 Firmware
MediaTek MT8765
MediaTek MT8766Z
MediaTek MT8768
mediatek mt8786
MediaTek MT8788 Firmware
MediaTek MT8789
MediaTek MT8791 WiFi
MediaTek MT8797

Never miss a vulnerability like this again

Reference Links

https://corp.mediatek.com/product-security-bulletin/January-2022

Frequently Asked Questions

What is the severity of CVE-2022-20020?
CVE-2022-20020 is classified as a high severity vulnerability that allows for local information disclosure.
How do I fix CVE-2022-20020?
To fix CVE-2022-20020, apply the security patch identified as ALPS05943906.
Who is affected by CVE-2022-20020?
CVE-2022-20020 affects devices running Google Android version 11.0 with certain MediaTek chipsets.
Can CVE-2022-20020 be exploited remotely?
No, CVE-2022-20020 requires local access to the vulnerable device for exploitation.
What could be compromised due to CVE-2022-20020?
CVE-2022-20020 could lead to the local disclosure of sensitive information from affected devices.

Frequently Asked Questions

What is the severity of CVE-2022-20020?
CVE-2022-20020 is classified as a high severity vulnerability that allows for local information disclosure.
How do I fix CVE-2022-20020?
To fix CVE-2022-20020, apply the security patch identified as ALPS05943906.
Who is affected by CVE-2022-20020?
CVE-2022-20020 affects devices running Google Android version 11.0 with certain MediaTek chipsets.
Can CVE-2022-20020 be exploited remotely?
No, CVE-2022-20020 requires local access to the vulnerable device for exploitation.
What could be compromised due to CVE-2022-20020?
CVE-2022-20020 could lead to the local disclosure of sensitive information from affected devices.

CVE-2022-20020: Input Validation

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2022-20020?

How do I fix CVE-2022-20020?

Who is affected by CVE-2022-20020?

Can CVE-2022-20020 be exploited remotely?

What could be compromised due to CVE-2022-20020?

Company

Resources

Contact

Frequently Asked Questions

What is the severity of CVE-2022-20020?

How do I fix CVE-2022-20020?

Who is affected by CVE-2022-20020?

Can CVE-2022-20020 be exploited remotely?

What could be compromised due to CVE-2022-20020?