CVE-2022-26450
Description
In apusys, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07177801; Issue ID: ALPS07177801.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A use-after-free race condition in MediaTek apusys allows local escalation of privilege with system execution privileges.
Vulnerability
In the apusys driver on MediaTek chipsets, a race condition can trigger a use-after-free (UAF) vulnerability. The affected versions are those including the vulnerable apusys code; the specific chipsets impacted are listed in the MediaTek September 2022 Security Bulletin [1]. The bug requires System execution privileges to reach the vulnerable code path.
Exploitation
An attacker must already have System execution privileges on the device. With that access, they can trigger a race condition to free a memory object and then reuse it, leading to a use-after-free state. User interaction is not required for exploitation [1].
Impact
Successful exploitation could lead to local escalation of privilege within the System context. The attacker may be able to execute arbitrary code in the kernel or elevate further, depending on the memory corruption [1].
Mitigation
MediaTek has released a fix identified by Patch ID ALPS07177801 in the September 2022 Product Security Bulletin [1]. The recommended mitigation is to apply the security patch from MediaTek. No other workarounds have been publicly disclosed.
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- MediaTek, Inc./MT6879, MT6895, MT6983v5Range: Android 12.0
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1- corp.mediatek.com/product-security-bulletin/September-2022mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.