CVE-2022-20012

7.8 HIGH

📋 TL;DR

CVE-2022-20012 is an integer overflow vulnerability in MediaTek's MDP driver that could allow local attackers to execute arbitrary code with kernel privileges. This affects Android devices using MediaTek chipsets. No user interaction is required for exploitation.

💻 Affected Systems

Products:
  • Android devices with MediaTek chipsets
Versions: Android versions prior to January 2022 security patches
Operating Systems: Android
Default Config Vulnerable: ⚠️ Yes
Notes: Specifically affects MediaTek MDP (Memory Display Processor) driver in kernel space

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete device compromise allowing attackers to install persistent malware, access all user data, and bypass security controls.

🟠 Likely Case

Local privilege escalation allowing attackers to gain root access and install malicious applications.

🟢 If Mitigated

Limited impact with proper kernel hardening and SELinux policies in place.

🌐 Internet-Facing: LOW (requires local access to device)
🏢 Internal Only: HIGH (any malicious app or user with physical access can exploit)

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires local access but no special permissions. Kernel exploitation requires specific knowledge of MediaTek driver internals.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: January 2022 Android security patch level

Vendor Advisory: https://corp.mediatek.com/product-security-bulletin/January-2022

Restart Required: Yes

Instructions:

1. Apply January 2022 Android security patch from device manufacturer.
2. Update device firmware through official OTA updates.
3. Reboot device after update completes.

🔧 Temporary Workarounds

Disable vulnerable driver module

linux

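Prevent loading of the vulnerable MDP driver module. Both commands require root, and they only take effect where the driver is built as a loadable module rather than compiled into the kernel.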

rmmod mdp_driver
echo 'blacklist mdp_driver' >> /etc/modprobe.d/blacklist.conf

🧯 If You Can't Patch

  • Restrict physical access to devices and implement strict app installation policies
  • Enable SELinux in enforcing mode and implement kernel hardening features

🔍 How to Verify

Check if Vulnerable:

Check the Android security patch level: Settings > About phone > Android security patch level. If it is before January 2022, the device is vulnerable.

Check Version:

adb shell getprop ro.build.version.security_patch

Verify Fix Applied:

Verify that the Android security patch level shows January 2022 or later. Check that the kernel version includes patch ID ALPS05836478.
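
The patch-level check above, scripted for every adb-connected device. This is an added example, not part of the original page or any vendor tooling. The function names and the 2022-01-01 threshold are assumptions; the page only states "January 2022 or later".

```shell
#!/bin/sh
# Assumption: first January 2022 patch level string, derived from the
# page's "January 2022 or later" statement.
FIXED_LEVEL="2022-01-01"

# classify_patch_level LEVEL -> prints PATCHED, VULNERABLE or UNKNOWN
classify_patch_level() {
    level=$1
    # Patch levels are ISO dates (YYYY-MM-DD). Anything else, including the
    # empty string from an offline or unauthorized device, is UNKNOWN.
    case $level in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
        *) echo UNKNOWN; return 0 ;;
    esac
    # Fixed-width ISO dates order correctly as integers without the dashes.
    have=$(printf '%s' "$level" | tr -d '-')
    need=$(printf '%s' "$FIXED_LEVEL" | tr -d '-')
    if [ "$have" -ge "$need" ]; then echo PATCHED; else echo VULNERABLE; fi
}

# audit_devices: one line per device that adb reports in the "device" state.
audit_devices() {
    adb devices | awk 'NR > 1 && $2 == "device" { print $1 }' |
    while read -r serial; do
        # </dev/null stops adb from swallowing the rest of the serial list;
        # tr strips the CR/LF that adb shell output can carry.
        level=$(adb -s "$serial" shell getprop ro.build.version.security_patch \
                </dev/null | tr -d '\r\n')
        printf '%s\t%s\t%s\n' "$serial" "${level:-<none>}" \
               "$(classify_patch_level "$level")"
    done
}

# Run the fleet check only when asked: sh check_patch.sh --audit
if [ "${1:-}" = "--audit" ]; then audit_devices; fi
```

Devices reported as UNKNOWN returned no parsable patch level and need a manual check through Settings.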

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic logs
  • Unexpected MDP driver crashes
  • SELinux denials for mdp operations

Network Indicators:

  • None (local exploit only)

SIEM Query:

source="android_kernel" AND ("mdp" OR "ALPS05836478") AND ("panic" OR "oops" OR "segfault")
