VYPR
← All advisories
Unrated severityNVD Advisory· Published Jan 3, 2023· Updated Apr 10, 2025

CVE-2022-32636

CVE-2022-32636

Description

In keyinstall, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07510064; Issue ID: ALPS07510064.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Out-of-bounds write in keyinstall due to integer overflow allows local privilege escalation with system execution privileges.

Vulnerability

In keyinstall, an integer overflow leads to a possible out-of-bounds write. This vulnerability affects MediaTek chipsets including MT6580, MT6735, MT6739, MT6753, MT6757, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6891, MT6893, MT6895, among others [1]. The issue is present in software versions prior to the patch identified by ALPS07510064.

Exploitation

An attacker requires System execution privileges to trigger the integer overflow and subsequent out-of-bounds write. User interaction is not needed for exploitation. The precise steps involve leveraging the overflow within keyinstall to write data beyond the allocated buffer bounds.

Impact

Successful exploitation leads to local escalation of privilege (EoP). The attacker can achieve arbitrary code execution at the System level, fully compromising the affected device's integrity, confidentiality, and availability.

Mitigation

MediaTek released a security patch in January 2023, identified as ALPS07510064 [1]. Device OEMs were notified at least two months prior to publication. Users should apply the update from their device manufacturer as soon as it becomes available. No workaround is documented.

References
  1. January 2023

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2
  • Mediatek/keyInstallllm-fuzzy
  • MediaTek, Inc./MT6580, MT6731, MT6735, MT6737, MT6739, MT6753, MT6757, MT6757C, MT6757CD, MT6757CH, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6889, MT6891, MT6893, MT6895, MT6983, MT8185, MT8321, MT8385, MT8666, MT8667, MT8765, MT8766, MT8768, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8797v5
    Range: Android 10.0, 11.0, 12.0, 13.0

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

1

News mentions

0

No linked articles in our index yet.