Cloud Vulnerability DB
A community-led vulnerabilities database
Vulnerability DatabaseCVE-2022-26455
CVE-2022-26455:
NixOS vulnerability analysis and mitigation
Overview
CVE-2022-26455 is a vulnerability discovered in MediaTek's gz component that affects multiple chipsets running Android 12.0. The vulnerability was disclosed and patched in September 2022 as part of MediaTek's security bulletin (MediaTek Bulletin).
Technical details
The vulnerability is classified as a memory corruption issue due to incorrect error handling in the gz component. It has been assigned a medium severity rating and is categorized under CWE-755 (Improper Handling of Exceptional Conditions). The vulnerability affects MediaTek chipsets including MT6789, MT6855, MT6879, MT6895, and MT6983 running Android 12.0 (MediaTek Bulletin).
Impact
If exploited, this vulnerability could lead to local escalation of privilege with System execution privileges needed. The vulnerability requires no user interaction for exploitation (MediaTek Bulletin).
Mitigation and workarounds
MediaTek has released security patches for this vulnerability and notified device OEMs. The fix was included in the September 2022 security update. Users should ensure their devices are updated with the latest security patches (MediaTek Bulletin).
Additional resources
Source: This report was generated using AI
Related NixOS vulnerabilities:
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Additional Wiz resources
Get a personalized demo
Ready to see Wiz in action?
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management