6.7

CVE-2022-32607

In aee, there is a possible use after free due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07202891; Issue ID: ALPS07202891.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
GoogleAndroid Version11.0
   MediatekMt6580 Version-
   MediatekMt6739 Version-
   MediatekMt6761 Version-
   MediatekMt6762 Version-
   MediatekMt6765 Version-
   MediatekMt6768 Version-
   MediatekMt6769 Version-
   MediatekMt6771 Version-
   MediatekMt6779 Version-
   MediatekMt6781 Version-
   MediatekMt6785 Version-
   MediatekMt6789 Version-
   MediatekMt6833 Version-
   MediatekMt6853 Version-
   MediatekMt6853t Version-
   MediatekMt6873 Version-
   MediatekMt6875 Version-
   MediatekMt6877 Version-
   MediatekMt6879 Version-
   MediatekMt6883 Version-
   MediatekMt6885 Version-
   MediatekMt6889 Version-
   MediatekMt6891 Version-
   MediatekMt6893 Version-
   MediatekMt6895 Version-
   MediatekMt6983 Version-
   MediatekMt8167 Version-
   MediatekMt8167s Version-
   MediatekMt8168 Version-
   MediatekMt8173 Version-
   MediatekMt8175 Version-
   MediatekMt8362a Version-
   MediatekMt8365 Version-
   MediatekMt8385 Version-
   MediatekMt8666 Version-
   MediatekMt8675 Version-
   MediatekMt8696 Version-
   MediatekMt8765 Version-
   MediatekMt8766 Version-
   MediatekMt8768 Version-
   MediatekMt8786 Version-
   MediatekMt8788 Version-
   MediatekMt8791 Version-
   MediatekMt8791t Version-
   MediatekMt8795t Version-
   MediatekMt8797 Version-
   MediatekMt8871 Version-
   MediatekMt8891 Version-
GoogleAndroid Version12.0
   MediatekMt6580 Version-
   MediatekMt6739 Version-
   MediatekMt6761 Version-
   MediatekMt6762 Version-
   MediatekMt6765 Version-
   MediatekMt6768 Version-
   MediatekMt6769 Version-
   MediatekMt6771 Version-
   MediatekMt6779 Version-
   MediatekMt6781 Version-
   MediatekMt6785 Version-
   MediatekMt6789 Version-
   MediatekMt6833 Version-
   MediatekMt6853 Version-
   MediatekMt6853t Version-
   MediatekMt6873 Version-
   MediatekMt6875 Version-
   MediatekMt6877 Version-
   MediatekMt6879 Version-
   MediatekMt6883 Version-
   MediatekMt6885 Version-
   MediatekMt6889 Version-
   MediatekMt6891 Version-
   MediatekMt6893 Version-
   MediatekMt6895 Version-
   MediatekMt6983 Version-
   MediatekMt8167 Version-
   MediatekMt8167s Version-
   MediatekMt8168 Version-
   MediatekMt8173 Version-
   MediatekMt8175 Version-
   MediatekMt8362a Version-
   MediatekMt8365 Version-
   MediatekMt8385 Version-
   MediatekMt8666 Version-
   MediatekMt8675 Version-
   MediatekMt8696 Version-
   MediatekMt8765 Version-
   MediatekMt8766 Version-
   MediatekMt8768 Version-
   MediatekMt8786 Version-
   MediatekMt8788 Version-
   MediatekMt8791 Version-
   MediatekMt8791t Version-
   MediatekMt8795t Version-
   MediatekMt8797 Version-
   MediatekMt8871 Version-
   MediatekMt8891 Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.02% 0.025
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.7 0.8 5.9
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0 6.7 0.8 5.9
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.