CVE-2022-21775: What You Need to Know

Learn about CVE-2022-21775, a vulnerability impacting a range of MediaTek devices, allowing local privilege escalation without user interaction. Find out the affected systems, versions, and mitigation steps.

This article provides an overview of CVE-2022-21775, a vulnerability in MediaTek devices that could lead to local privilege escalation without requiring user interaction.

Understanding CVE-2022-21775

CVE-2022-21775 is a vulnerability in MediaTek devices that could allow an attacker to escalate privileges locally without any user interaction.

What is CVE-2022-21775?

The vulnerability exists in the sched driver, where improper locking can lead to a use-after-free. The flaw could result in local escalation of privilege. Exploitation requires System execution privileges but no user interaction.

The Impact of CVE-2022-21775

If exploited, this vulnerability could enable an attacker to elevate their privileges locally, potentially leading to unauthorized access or control over the affected system.

Technical Details of CVE-2022-21775

Below are the technical details related to CVE-2022-21775:

Vulnerability Description

The vulnerability arises in the sched driver due to improper locking, allowing a possible use-after-free scenario that can lead to local escalation of privilege.

Affected Systems and Versions

The following MediaTek devices are affected by CVE-2022-21775: MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6789, MT6795, MT6797, MT6799, MT6833, MT6853, MT6853T, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6889, MT6891, MT6893, MT6895, MT8167, MT8167S, MT8168, MT8173, MT8185, MT8321, MT8362A, MT8365, MT8385, MT8666, MT8675, MT8768, MT8786, MT8788, MT8789, MT8791, MT8797. The affected versions include Android 11.0 and 12.0.
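A triage sketch for the list above, added here as an example and not taken from MediaTek or the original article: it parses `getprop` output and reports whether a device matches an affected chipset and Android release. It assumes the chipset name appears in `ro.board.platform` or `ro.hardware`; the sample dump is constructed.

```python
import re

# Chipsets and Android releases this page lists as affected.
AFFECTED_CHIPSETS = set("""
MT6761 MT6762 MT6763 MT6765 MT6768 MT6769 MT6771 MT6779 MT6781 MT6785 MT6789
MT6795 MT6797 MT6799 MT6833 MT6853 MT6853T MT6873 MT6875 MT6877 MT6879 MT6883
MT6885 MT6889 MT6891 MT6893 MT6895 MT8167 MT8167S MT8168 MT8173 MT8185 MT8321
MT8362A MT8365 MT8385 MT8666 MT8675 MT8768 MT8786 MT8788 MT8789 MT8791 MT8797
""".split())
AFFECTED_ANDROID_MAJOR = {"11", "12"}  # page: Android 11.0 and 12.0
PROP_LINE = re.compile(r"^\[([^\]]+)\]:\s*\[(.*)\]\s*$")

def parse_getprop(dump):
    """Parse `getprop` output lines of the form `[key]: [value]` into a dict."""
    props = {}
    for line in dump.splitlines():
        m = PROP_LINE.match(line.strip())
        if m:
            props[m.group(1)] = m.group(2)
    return props

def in_scope(props):
    """Return (matches, reason) for the page's affected chipset/version list."""
    # Assumption: the chipset name is in ro.board.platform or ro.hardware.
    chip = ""
    for key in ("ro.board.platform", "ro.hardware"):
        m = re.search(r"MT\d{4}[A-Z]?", props.get(key, "").upper())
        if m:
            chip = m.group(0)  # suffixed variants (MT6853T) are matched exactly
            break
    release = props.get("ro.build.version.release", "")
    major = release.split(".")[0]
    if not chip:
        return False, "no MediaTek chipset name found"
    if chip not in AFFECTED_CHIPSETS:
        return False, f"{chip} is not in the affected list"
    if major not in AFFECTED_ANDROID_MAJOR:
        return False, f"{chip} is listed, but Android {release or 'unknown'} is not"
    return True, f"{chip} on Android {release}: confirm patch ALPS06479032 is applied"

# Constructed sample dump, not captured from a real device.
SAMPLE = """\
[ro.board.platform]: [mt6853]
[ro.build.version.release]: [12]
[ro.product.model]: [example-phone]
"""

if __name__ == "__main__":
    print(in_scope(parse_getprop(SAMPLE)))
```

A match only means the device is in scope for the advisory; whether patch ALPS06479032 is present still has to be confirmed with the device vendor's firmware release notes.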

Exploitation Mechanism

An attacker who already has System execution privileges on the device could exploit the vulnerability to escalate privileges locally, with no user interaction needed, posing a risk of unauthorized actions on the affected system.

Mitigation and Prevention

To mitigate the risks associated with CVE-2022-21775, consider the following:

Immediate Steps to Take

Apply the patch identified by Patch ID ALPS06479032 to address the vulnerability.

Long-Term Security Practices

Regularly update your MediaTek devices to the latest firmware versions to protect against known vulnerabilities.

Patching and Updates

Stay informed about security bulletins and updates from MediaTek to apply patches promptly.
