CVE-2022-20047

7.8 HIGH

📋 TL;DR

CVE-2022-20047 is an out-of-bounds write vulnerability in MediaTek video decoder components that allows local privilege escalation without user interaction. Attackers can exploit this to gain elevated system privileges on affected devices. This primarily affects Android devices using MediaTek chipsets.

💻 Affected Systems

Products:
  • MediaTek chipset-based Android devices
Versions: Specific MediaTek firmware versions prior to patch ALPS05917489
Operating Systems: Android
Default Config Vulnerable: ⚠️ Yes
Notes: Affects devices with MediaTek video decoder hardware/software. Exact device models depend on manufacturer implementation.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise with root privileges, allowing installation of persistent malware, data theft, and device control.

🟠

Likely Case

Local privilege escalation to gain elevated permissions for further attacks or data access.

🟢

If Mitigated

Limited impact if proper kernel hardening, SELinux policies, and privilege separation are implemented.

🌐 Internet-Facing: LOW - This is a local privilege escalation requiring local access, not directly exploitable over network.
🏢 Internal Only: HIGH - Once an attacker gains local access (physical or via another vulnerability), they can exploit this to gain full system control.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires local access but no user interaction. Exploitation requires understanding of video decoder memory structures.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Firmware with patch ID ALPS05917489

Vendor Advisory: https://corp.mediatek.com/product-security-bulletin/March-2022

Restart Required: Yes

Instructions:

1. Check with the device manufacturer for security updates.
2. Apply the Android security patch level of March 2022 or later.
3. Update the MediaTek firmware if the manufacturer provides one.
4. Reboot the device after the update.

🔧 Temporary Workarounds

Disable vulnerable video codecs (android)

Restrict or disable MediaTek video decoder functionality if it is not required.

Enhanced SELinux policies (android)

Implement strict SELinux policies to limit the privileges of the video decoder process.

🧯 If You Can't Patch

  • Implement strict application sandboxing and privilege separation
  • Monitor for unusual video decoder process behavior and privilege escalation attempts

🔍 How to Verify

Check if Vulnerable:

Check the Android security patch level (Settings > About phone > Android version). If the level is earlier than March 2022, the device is likely vulnerable. The MediaTek firmware version can be checked via engineering mode.

Check Version:

adb shell getprop ro.build.version.security_patch

Verify Fix Applied:

Verify that the Android security patch level is March 2022 or later. The patch level alone does not confirm that the MediaTek fix (patch ID ALPS05917489) is present; check with the manufacturer for specific confirmation.
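The verification steps above reduce to reading ro.build.version.security_patch and comparing it against the March 2022 level. The following POSIX shell script is an added example, not part of the original page or of MediaTek's advisory: it validates the property's YYYY-MM-DD format, classifies the level as "patched", "likely-vulnerable" or "unknown", and only touches a device (via adb) when run with the argument "device". The cut-off date 2022-03-01 is an assumption taken from the advisory month; the function and variable names are the example's own.

```shell
#!/bin/sh
# Added example: classify an Android security patch level against the
# March 2022 level that carries the MediaTek fix for CVE-2022-20047.
# The patch level is a heuristic only; it does not prove that patch
# ALPS05917489 is present on a given OEM build.

FIXED_LEVEL="2022-03-01"   # assumed first level containing the fix

# patch_level_to_int YYYY-MM-DD -> YYYYMMDD, for numeric comparison.
# Returns 1 (and prints nothing) when the input is not a date.
patch_level_to_int() {
    case "$1" in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
        *) return 1 ;;
    esac
    printf '%s\n' "$1" | tr -d '-'
}

# patch_status LEVEL: prints "patched", "likely-vulnerable" or "unknown"
# and returns 0, 1 or 2 respectively.
patch_status() {
    level=$(patch_level_to_int "$1") || { echo "unknown"; return 2; }
    fixed=$(patch_level_to_int "$FIXED_LEVEL")
    if [ "$level" -ge "$fixed" ]; then
        echo "patched"
        return 0
    fi
    echo "likely-vulnerable"
    return 1
}

# check_device: read the property from an attached device over adb.
# adb output ends in CRLF on some hosts, so strip the carriage return.
check_device() {
    lvl=$(adb shell getprop ro.build.version.security_patch 2>/dev/null | tr -d '\r')
    if [ -z "$lvl" ]; then
        echo "no device attached or property not readable"
        return 2
    fi
    printf 'security_patch=%s -> %s\n' "$lvl" "$(patch_status "$lvl")"
}

# Only query a device when explicitly asked, so the functions can be
# sourced and used on a patch level captured elsewhere.
if [ "${1:-}" = "device" ]; then
    check_device
fi
```

Run it as `sh check_patch.sh device` with a device attached, or source it and call `patch_status 2022-02-05` on a level collected from an inventory export. A result of "patched" only means the OEM build claims the March 2022 level or later; the 🔍 How to Verify text above still applies for confirming the MediaTek-specific patch.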

📡 Detection & Monitoring

Log Indicators:

  • Unusual video decoder process crashes
  • Privilege escalation attempts in kernel logs
  • SELinux denials related to video decoder

Network Indicators:

  • None - local exploit only

SIEM Query:

Process creation where parent is video decoder service with elevated privileges

🔗 References