Cloud Vulnerability DB
A community-led vulnerabilities database
Vulnerability DatabaseCVE-2022-20062
CVE-2022-20062:
NixOS vulnerability analysis and mitigation
Overview
A medium severity vulnerability identified as CVE-2022-20062 was discovered in the mdp component of MediaTek chipsets. The vulnerability was disclosed in April 2022 and affects various MediaTek chipset models running Android 11.0 and 12.0 operating systems (MediaTek Bulletin).
Technical details
The vulnerability is classified as a Use After Free (CWE-416) issue in the mdp component. This type of vulnerability occurs when a program continues to use a pointer after it has been freed, which can lead to memory corruption (MediaTek Bulletin).
Impact
The vulnerability could potentially lead to local escalation of privilege when exploited. The attack requires System execution privileges to be successful (MediaTek Bulletin).
Mitigation and workarounds
The vulnerability affects multiple MediaTek chipsets including MT6765, MT6785, MT6833, MT6853, MT6873, and several others. The issue has been addressed in Android versions 11.0 and 12.0. Device manufacturers have been notified and provided with security patches (MediaTek Bulletin).
Additional resources
Source: This report was generated using AI
Related NixOS vulnerabilities:
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Additional Wiz resources
Get a personalized demo
Ready to see Wiz in action?
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management