First published: Mon Aug 01 2022
In wifi driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220420037; Issue ID: GN20220420037.
Credit: security@mediatek.com
Affected Software | Affected Version | How to fix |
---|---|---|
Mediatek Mt7603 Firmware | =7.6.2.3 | |
Mediatek Mt7603 | | |
Mediatek Mt7610 Firmware | =7.6.2.3 | |
Mediatek Mt7610 | | |
Mediatek Mt7612 Firmware | =7.6.2.3 | |
Mediatek Mt7612 | | |
Mediatek Mt7613 Firmware | =7.6.2.3 | |
Mediatek Mt7613 | | |
Mediatek Mt7615 Firmware | =7.6.2.3 | |
Mediatek Mt7615 | | |
Mediatek Mt7620 Firmware | =7.6.2.3 | |
Mediatek Mt7620 | | |
Mediatek Mt7622 Firmware | =7.6.2.3 | |
Mediatek Mt7622 | | |
Mediatek Mt7628 Firmware | =7.6.2.3 | |
Mediatek Mt7628 | | |
Mediatek Mt7629 Firmware | =7.6.2.3 | |
Mediatek Mt7629 | | |
Mediatek Mt7915 Firmware | =7.6.2.3 | |
Mediatek Mt7915 | | |
Mediatek Mt7916 Firmware | =7.6.2.3 | |
Mediatek Mt7916 | | |
Mediatek Mt7986 Firmware | =7.6.2.3 | |
Mediatek Mt7986 | | |
Mediatek Mt8981 Firmware | =7.6.2.3 | |
Mediatek Mt8981 | | |
CVE-2022-26440 is a vulnerability in the wifi driver that could lead to local escalation of privilege.
The Mediatek Mt7603, Mt7610, Mt7612, Mt7613, Mt7615, Mt7620, Mt7622, Mt7628, Mt7629, Mt7915, Mt7916, Mt7986, and Mt8981 firmware are affected by CVE-2022-26440.
User interaction is not needed for exploitation of CVE-2022-26440.
The severity of CVE-2022-26440 is medium with a CVSS score of 6.7.
You can patch CVE-2022-26440 by applying the patch with ID GN20220420037 provided by Mediatek.