CVE-2022-20042 - Vulnerability Details

Vendors	Products
Google	Android
Mediatek	Mt8167 Mt8175 Mt8183 Mt8362a Mt8365 Mt8385

Link	Providers
https://corp.mediatek.com/product-security-bulletin/February-2022

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "MT8167, MT8175, MT8183, MT8362A, MT8365, MT8385", "vendor": "MediaTek, Inc.", "versions": [{"status": "affected", "version": "Android 8.1, 9.0, 10.0, 11.0, 12.0"}]}], "descriptions": [{"lang": "en", "value": "In Bluetooth, there is a possible information disclosure due to incorrect error handling. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06108487; Issue ID: ALPS06108487."}], "problemTypes": [{"descriptions": [{"description": "Information Disclosure", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-02-09T22:05:45", "orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374", "shortName": "MediaTek"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://corp.mediatek.com/product-security-bulletin/February-2022"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@mediatek.com", "ID": "CVE-2022-20042", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "MT8167, MT8175, MT8183, MT8362A, MT8365, MT8385", "version": {"version_data": [{"version_value": "Android 8.1, 9.0, 10.0, 11.0, 12.0"}]}}]}, "vendor_name": "MediaTek, Inc."}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In Bluetooth, there is a possible information disclosure due to incorrect error handling. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06108487; Issue ID: ALPS06108487."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Information Disclosure"}]}]}, "references": {"reference_data": [{"name": "https://corp.mediatek.com/product-security-bulletin/February-2022", "refsource": "MISC", "url": "https://corp.mediatek.com/product-security-bulletin/February-2022"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T01:55:46.250Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://corp.mediatek.com/product-security-bulletin/February-2022"}]}]}, "cveMetadata": {"assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374", "assignerShortName": "MediaTek", "cveId": "CVE-2022-20042", "datePublished": "2022-02-09T22:05:45", "dateReserved": "2021-10-12T00:00:00", "dateUpdated": "2024-08-03T01:55:46.250Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : MT8167, MT8175, MT8183, MT8362A, MT8365, MT8385 (string)

vendor : MediaTek, Inc. (string)

versions : [ »

0 : { »

status : affected (string)

version : Android 8.1, 9.0, 10.0, 11.0, 12.0 (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : In Bluetooth, there is a possible information disclosure due to incorrect error handling. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06108487; Issue ID: ALPS06108487. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : Information Disclosure (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2022-02-09T22:05:45 (string)

orgId : ee979b05-11f8-4f25-a7e0-a1fa9c190374 (string)

shortName : MediaTek (string)

}

references : [ »

0 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : https://corp.mediatek.com/product-security-bulletin/February-2022 (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : security@mediatek.com (string)

ID : CVE-2022-20042 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : MT8167, MT8175, MT8183, MT8362A, MT8365, MT8385 (string)

version : { »

version_data : [ »

0 : { »

version_value : Android 8.1, 9.0, 10.0, 11.0, 12.0 (string)

}

]

}

]

}

vendor_name : MediaTek, Inc. (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : In Bluetooth, there is a possible information disclosure due to incorrect error handling. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06108487; Issue ID: ALPS06108487. (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : Information Disclosure (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : https://corp.mediatek.com/product-security-bulletin/February-2022 (string)

refsource : MISC (string)

url : https://corp.mediatek.com/product-security-bulletin/February-2022 (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-03T01:55:46.250Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : https://corp.mediatek.com/product-security-bulletin/February-2022 (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : ee979b05-11f8-4f25-a7e0-a1fa9c190374 (string)

assignerShortName : MediaTek (string)

cveId : CVE-2022-20042 (string)

datePublished : 2022-02-09T22:05:45 (string)

dateReserved : 2021-10-12T00:00:00 (string)

dateUpdated : 2024-08-03T01:55:46.250Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*", "matchCriteriaId": "B06BE74B-83F4-41A3-8AD3-2E6248F7B0B2", "vulnerable": true}, {"criteria": "cpe:2.3:o:google:android:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "8DFAAD08-36DA-4C95-8200-C29FE5B6B854", "vulnerable": true}, {"criteria": "cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "D558D965-FA70-4822-A770-419E73BA9ED3", "vulnerable": true}, {"criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64", "vulnerable": true}, {"criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", "matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:mediatek:mt8167:-:*:*:*:*:*:*:*", "matchCriteriaId": "3B5FE245-6346-4078-A3D0-E5F79BB636B8", "vulnerable": false}, {"criteria": "cpe:2.3:h:mediatek:mt8175:-:*:*:*:*:*:*:*", "matchCriteriaId": "582F1041-CD84-4763-AD6F-E08DD11F689F", "vulnerable": false}, {"criteria": "cpe:2.3:h:mediatek:mt8183:-:*:*:*:*:*:*:*", "matchCriteriaId": "23F65D7B-31A1-4D94-82E9-254A7A6D7BE1", "vulnerable": false}, {"criteria": "cpe:2.3:h:mediatek:mt8362a:-:*:*:*:*:*:*:*", "matchCriteriaId": "2F16F2B9-D89D-4AB2-B768-CB3B22AEFE11", "vulnerable": false}, {"criteria": "cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*", "matchCriteriaId": "97C76F98-5D8D-4E52-ABAF-CD27C1205B0E", "vulnerable": false}, {"criteria": "cpe:2.3:h:mediatek:mt8385:-:*:*:*:*:*:*:*", "matchCriteriaId": "299378ED-41CE-4966-99B1-65D2BA1215EF", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "In Bluetooth, there is a possible information disclosure due to incorrect error handling. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06108487; Issue ID: ALPS06108487."}, {"lang": "es", "value": "En Bluetooth, se presenta una posible divulgaci\u00f3n de informaci\u00f3n debido a un manejo incorrecto de errores. Esto podr\u00eda conllevar a una divulgaci\u00f3n de informaci\u00f3n local remota sin ser necesarios privilegios de ejecuci\u00f3n adicionales. No es requerida una interacci\u00f3n del usuario para su explotaci\u00f3n. ID del Parche: ALPS06108487; ID de Incidencia: ALPS06108487"}], "id": "CVE-2022-20042", "lastModified": "2024-11-21T06:42:00.870", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-02-09T23:15:17.590", "references": [{"source": "security@mediatek.com", "tags": ["Vendor Advisory"], "url": "https://corp.mediatek.com/product-security-bulletin/February-2022"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://corp.mediatek.com/product-security-bulletin/February-2022"}], "sourceIdentifier": "security@mediatek.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-755"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:* (string)

matchCriteriaId : B06BE74B-83F4-41A3-8AD3-2E6248F7B0B2 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:o:google:android:9.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 8DFAAD08-36DA-4C95-8200-C29FE5B6B854 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:* (string)

matchCriteriaId : D558D965-FA70-4822-A770-419E73BA9ED3 (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 109DD7FD-3A48-4C3D-8E1A-4433B98E1E64 (string)

vulnerable : true (boolean)

}

4 : { »

criteria : cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:* (string)

matchCriteriaId : F8FB8EE9-FC56-4D5E-AE55-A5967634740C (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:mediatek:mt8167:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 3B5FE245-6346-4078-A3D0-E5F79BB636B8 (string)

vulnerable : false (boolean)

}

1 : { »

criteria : cpe:2.3:h:mediatek:mt8175:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 582F1041-CD84-4763-AD6F-E08DD11F689F (string)

vulnerable : false (boolean)

}

2 : { »

criteria : cpe:2.3:h:mediatek:mt8183:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 23F65D7B-31A1-4D94-82E9-254A7A6D7BE1 (string)

vulnerable : false (boolean)

}

3 : { »

criteria : cpe:2.3:h:mediatek:mt8362a:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 2F16F2B9-D89D-4AB2-B768-CB3B22AEFE11 (string)

vulnerable : false (boolean)

}

4 : { »

criteria : cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 97C76F98-5D8D-4E52-ABAF-CD27C1205B0E (string)

vulnerable : false (boolean)

}

5 : { »

criteria : cpe:2.3:h:mediatek:mt8385:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 299378ED-41CE-4966-99B1-65D2BA1215EF (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : In Bluetooth, there is a possible information disclosure due to incorrect error handling. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06108487; Issue ID: ALPS06108487. (string)

}

1 : { »

lang : es (string)

value : En Bluetooth, se presenta una posible divulgación de información debido a un manejo incorrecto de errores. Esto podría conllevar a una divulgación de información local remota sin ser necesarios privilegios de ejecución adicionales. No es requerida una interacción del usuario para su explotación. ID del Parche: ALPS06108487; ID de Incidencia: ALPS06108487 (string)

}

]

id : CVE-2022-20042 (string)

lastModified : 2024-11-21T06:42:00.870 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : LOW (string)

cvssData : { »

accessComplexity : LOW (string)

accessVector : LOCAL (string)

authentication : NONE (string)

availabilityImpact : NONE (string)

baseScore : 2.1 (number)

confidentialityImpact : PARTIAL (string)

integrityImpact : NONE (string)

vectorString : AV:L/AC:L/Au:N/C:P/I:N/A:N (string)

version : 2.0 (string)

}

exploitabilityScore : 3.9 (number)

impactScore : 2.9 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : false (boolean)

}

]

cvssMetricV31 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : LOCAL (string)

availabilityImpact : NONE (string)

baseScore : 5.5 (number)

baseSeverity : MEDIUM (string)

confidentialityImpact : HIGH (string)

integrityImpact : NONE (string)

privilegesRequired : LOW (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N (string)

version : 3.1 (string)

}

exploitabilityScore : 1.8 (number)

impactScore : 3.6 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2022-02-09T23:15:17.590 (string)

references : [ »

0 : { »

source : security@mediatek.com (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://corp.mediatek.com/product-security-bulletin/February-2022 (string)

}

1 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://corp.mediatek.com/product-security-bulletin/February-2022 (string)

}

]

sourceIdentifier : security@mediatek.com (string)

vulnStatus : Modified (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-755 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Affected Vendors & Products

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object