First published: Tue Jan 04 2022(Updated: )
In Bluetooth, there is a possible link disconnection due to bluetooth does not properly handle a connection attempt from a host with the same BD address as the currently connected BT host. This could lead to remote denial of service of bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06198578; Issue ID: ALPS06198578.
Credit: security@mediatek.com
Affected Software | Affected Version | How to fix |
---|---|---|
Google Android | =10.0 | |
Google Android | =11.0 | |
Mediatek Mt6580 | ||
Mediatek Mt6630 | ||
Mediatek Mt6735 | ||
Mediatek Mt6737 | ||
Mediatek Mt6739 | ||
Mediatek Mt6750s | ||
Mediatek Mt6753 | ||
Mediatek Mt6755s | ||
Mediatek Mt6757 | ||
Mediatek Mt6757c | ||
Mediatek Mt6757cd | ||
Mediatek Mt6757ch | ||
Mediatek Mt6763 | ||
Mediatek Mt6771 | ||
Mediatek Mt7662t | ||
Mediatek Mt7663 | ||
Mediatek Mt7668 | ||
Mediatek Mt8163 | ||
Mediatek Mt8167 | ||
Mediatek Mt8167s | ||
Mediatek Mt8173 | ||
Mediatek Mt8183 | ||
Mediatek Mt8321 | ||
Mediatek Mt8362a | ||
Mediatek Mt8362b | ||
Mediatek Mt8385 | ||
Mediatek Mt8765 | ||
Mediatek Mt8788 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2022-20022 is a vulnerability in Bluetooth where a link disconnection can occur due to improper handling of a connection attempt from a host with the same BD address.
The severity of CVE-2022-20022 is medium with a CVSS score of 6.5.
Google Android 10.0 and 11.0 are affected by CVE-2022-20022.
CVE-2022-20022 can be exploited by a remote attacker sending a connection attempt from a host with the same BD address as the currently connected BT host, leading to a denial of service.
No, Mediatek Mt6580 is not vulnerable to CVE-2022-20022.