First published: Tue Nov 08 2022(Updated: )
In typec, there is a possible out of bounds write due to an incorrect calculation of buffer size. This could lead to local escalation of privilege, for an attacker who has physical access to the device, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07262364; Issue ID: ALPS07262364.
Credit: security@mediatek.com
Affected Software | Affected Version | How to fix |
---|---|---|
Google Android | =11.0 | |
Google Android | =12.0 | |
Google Android | =13.0 | |
Mediatek Mt6789 | ||
Mediatek Mt6855 | ||
Mediatek Mt6895 | ||
Mediatek Mt6983 | ||
Mediatek Mt8798 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2022-32617 is a vulnerability in the typec module that allows for an out of bounds write due to an incorrect calculation of buffer size.
CVE-2022-32617 has a severity rating of medium with a score of 6.8.
CVE-2022-32617 affects Google Android versions 11.0, 12.0, and 13.0.
CVE-2022-32617 can be exploited by an attacker with physical access to the device, without requiring additional execution privileges or user interaction.
To fix CVE-2022-32617, users should apply the necessary security patches provided by the software vendor or device manufacturer.