CVE-2022-20022
First published: Tue Jan 04 2022(Updated: )
In Bluetooth, there is a possible link disconnection due to bluetooth does not properly handle a connection attempt from a host with the same BD address as the currently connected BT host. This could lead to remote denial of service of bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06198578; Issue ID: ALPS06198578.
Credit: security@mediatek.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Google Android | =10.0 | |
| Google Android | =11.0 | |
| Mediatek Mt6580 | ||
| Mediatek Mt6630 | ||
| Mediatek Mt6735 | ||
| Mediatek Mt6737 | ||
| Mediatek Mt6739 | ||
| Mediatek Mt6750s | ||
| Mediatek Mt6753 | ||
| Mediatek Mt6755s | ||
| Mediatek Mt6757 | ||
| Mediatek Mt6757c | ||
| Mediatek Mt6757cd | ||
| Mediatek Mt6757ch | ||
| Mediatek Mt6763 | ||
| Mediatek Mt6771 | ||
| Mediatek Mt7662t | ||
| Mediatek Mt7663 | ||
| Mediatek Mt7668 | ||
| Mediatek Mt8163 | ||
| Mediatek Mt8167 | ||
| Mediatek Mt8167s | ||
| Mediatek Mt8173 | ||
| Mediatek Mt8183 | ||
| Mediatek Mt8321 | ||
| Mediatek Mt8362a | ||
| Mediatek Mt8362b | ||
| Mediatek Mt8385 | ||
| Mediatek Mt8765 | ||
| Mediatek Mt8788 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2022-20022?
CVE-2022-20022 is a vulnerability in Bluetooth where a link disconnection can occur due to improper handling of a connection attempt from a host with the same BD address.
What is the severity of CVE-2022-20022?
The severity of CVE-2022-20022 is medium with a CVSS score of 6.5.
Which software versions are affected by CVE-2022-20022?
Google Android 10.0 and 11.0 are affected by CVE-2022-20022.
How can CVE-2022-20022 be exploited?
CVE-2022-20022 can be exploited by a remote attacker sending a connection attempt from a host with the same BD address as the currently connected BT host, leading to a denial of service.
Is Mediatek Mt6580 vulnerable to CVE-2022-20022?
No, Mediatek Mt6580 is not vulnerable to CVE-2022-20022.
- agent/first-publish-date
- agent/last-modified-date
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/references
- agent/severity
- agent/author
- agent/softwarecombine
- agent/description
- agent/type
- agent/event
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/google
- canonical/google android
- version/google android/10.0
- version/google android/11.0
- vendor/mediatek
- canonical/mediatek mt6580
- canonical/mediatek mt6630
- canonical/mediatek mt6735
- canonical/mediatek mt6737
- canonical/mediatek mt6739
- canonical/mediatek mt6750s
- canonical/mediatek mt6753
- canonical/mediatek mt6755s
- canonical/mediatek mt6757
- canonical/mediatek mt6757c
- canonical/mediatek mt6757cd
- canonical/mediatek mt6757ch
- canonical/mediatek mt6763
- canonical/mediatek mt6771
- canonical/mediatek mt7662t
- canonical/mediatek mt7663
- canonical/mediatek mt7668
- canonical/mediatek mt8163
- canonical/mediatek mt8167
- canonical/mediatek mt8167s
- canonical/mediatek mt8173
- canonical/mediatek mt8183
- canonical/mediatek mt8321
- canonical/mediatek mt8362a
- canonical/mediatek mt8362b
- canonical/mediatek mt8385
- canonical/mediatek mt8765
- canonical/mediatek mt8788