CVE-2022-32619
Description
In keyinstall, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07439659; Issue ID: ALPS07439659.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
In keyinstall on MediaTek chipsets, an incorrect bounds check allows out-of-bounds write, leading to local privilege escalation with System privileges required.
Vulnerability
In keyinstall, a buffer copy operation lacks proper size validation (CWE-120), resulting in an out-of-bounds write due to an incorrect bounds check [1]. The vulnerability affects a wide range of MediaTek chipsets including MT6580, MT6731, MT6735, MT6737, MT6739, MT6753, MT6757, MT6757C, MT6757CD, MT6757CH, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, and others [1]. System execution privileges are required to reach the vulnerable code path.
Exploitation
An attacker with System execution privileges can trigger the out-of-bounds write by invoking the keyinstall functionality. No user interaction is needed for exploitation [1]. The exact sequence of steps is not detailed in the available references, but the attacker must have already obtained System-level access on the device.
Impact
Successful exploitation leads to local escalation of privilege (EoP) [1]. While the attacker already has System privileges, the out-of-bounds write may allow further elevation within the system, potentially compromising additional security boundaries.
Mitigation
MediaTek has released a patch identified as ALPS07439659 [1]. Device OEMs were notified at least two months prior to the December 2022 publication date and are expected to distribute the fix through their security update processes. No workarounds are documented, and the vulnerability is not listed on the CISA Known Exploited Vulnerabilities (KEV) catalog as of the publication date.
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- MediaTek, Inc./MT6580, MT6731, MT6735, MT6737, MT6739, MT6753, MT6757, MT6757C, MT6757CD, MT6757CH, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6889, MT6891, MT6893, MT6895, MT6983, MT8185, MT8321, MT8385, MT8666, MT8667, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8797v5Range: Android 10.0, 11.0, 12.0, 13.0
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1News mentions
0No linked articles in our index yet.