Learn about CVE-2022-21775, a vulnerability impacting a range of MediaTek devices, allowing local privilege escalation without user interaction. Find out the affected systems, versions, and mitigation steps.
This article provides an overview of CVE-2022-21775, a vulnerability in MediaTek devices that could lead to local privilege escalation without requiring user interaction.
Understanding CVE-2022-21775
CVE-2022-21775 is a vulnerability found in MediaTek devices that could potentially allow an attacker to escalate their privilege locally without the need for any user interaction.
What is CVE-2022-21775?
The vulnerability exists in the sched driver, where a use-after-free scenario occurs due to improper locking. This flaw could result in the escalation of privilege locally, requiring System execution privileges but not user interaction for exploitation.
The Impact of CVE-2022-21775
If exploited, this vulnerability could enable an attacker to elevate their privileges locally, potentially leading to unauthorized access or control over the affected system.
Technical Details of CVE-2022-21775
Below are the technical details related to CVE-2022-21775:
Vulnerability Description
The vulnerability arises in the sched driver due to improper locking, allowing a possible use-after-free scenario that can lead to local escalation of privilege.
Affected Systems and Versions
The following MediaTek devices are affected by CVE-2022-21775: MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6789, MT6795, MT6797, MT6799, MT6833, MT6853, MT6853T, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6889, MT6891, MT6893, MT6895, MT8167, MT8167S, MT8168, MT8173, MT8185, MT8321, MT8362A, MT8365, MT8385, MT8666, MT8675, MT8768, MT8786, MT8788, MT8789, MT8791, MT8797. The affected versions include Android 11.0 and 12.0.
Exploitation Mechanism
The vulnerability can be exploited by an attacker to locally escalate their privileges without the need for any user interaction, posing a risk of unauthorized actions on the affected system.
Mitigation and Prevention
To mitigate the risks associated with CVE-2022-21775, consider the following:
Immediate Steps to Take
Long-Term Security Practices
Patching and Updates