CVE-2022-32602

Vulnerability

In the keyinstall component on MediaTek chipsets, a missing bounds check leads to an out-of-bounds read vulnerability. The flaw is present in firmware versions prior to the patch identified by ALPS07388790. Affected chipsets include MT6739, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6889, MT6891, MT6893, MT6895, MT6983, MT8321, MT8385, MT8666, MT8675, MT8765, MT8766, MT8768, MT876 and others [1].

Exploitation

An attacker with local access to the device can exploit this vulnerability without any additional execution privileges or user interaction. The out-of-bounds read can be triggered by providing crafted input to the keyinstall component, which lacks proper bounds validation [1].

Impact

Successful exploitation results in reading memory outside the intended buffer, leading to local information disclosure. The attacker may obtain sensitive data from kernel or userspace memory, depending on the memory layout [1].

Mitigation

MediaTek released a security patch for this vulnerability, identified as ALPS07388790, in the November 2022 Product Security Bulletin [1]. Device OEMs should deploy the patch to affected chipsets. No workaround is provided, and the vulnerability is not listed in CISA's Known Exploited Vulnerabilities catalog as of the publication date.