CVE-2022-20099

7.8 HIGH

📋 TL;DR

CVE-2022-20099 is an out-of-bounds write vulnerability in the aee daemon on MediaTek devices, allowing local privilege escalation to System level without user interaction. This affects Android devices using MediaTek chipsets, potentially enabling attackers to gain full system control.

💻 Affected Systems

Products:
  • Android devices with MediaTek chipsets
Versions: Specific MediaTek firmware versions before patch ALPS06296442
Operating Systems: Android
Default Config Vulnerable: ⚠️ Yes
Notes: Requires MediaTek chipset with vulnerable aee daemon implementation. Exact device models not specified in bulletin.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete device compromise with System privileges, allowing installation of persistent malware, data theft, and bypassing all security controls.

🟠 Likely Case

Local attacker gains System privileges to install malicious apps, modify system files, or access protected data.

🟢 If Mitigated

Limited impact if devices are patched, have strict app installation policies, and minimal local attack surface.

🌐 Internet-Facing: LOW - Requires local access to device, not directly exploitable over network.
🏢 Internal Only: HIGH - Malicious apps or users with physical/network access to device can exploit locally.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires local access and System execution privileges to trigger; no user interaction is needed. No public exploit code is known.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Firmware with patch ID ALPS06296442

Vendor Advisory: https://corp.mediatek.com/product-security-bulletin/May-2022

Restart Required: Yes

Instructions:

1. Check with device manufacturer for firmware updates.
2. Apply MediaTek security patch ALPS06296442.
3. Reboot device after update.

🔧 Temporary Workarounds

Disable unnecessary daemons

Restrict aee daemon permissions if not required for device functionality

adb shell pm disable com.mediatek.aee (if applicable and safe)

🧯 If You Can't Patch

  • Restrict physical access to devices and implement strict app installation policies
  • Monitor for suspicious privilege escalation attempts and unusual system daemon activity

🔍 How to Verify

Check if Vulnerable:

Check firmware version against MediaTek security bulletin or contact device manufacturer

Check Version:

adb shell getprop ro.build.fingerprint or check Settings > About Phone

Verify Fix Applied:

Verify patch ALPS06296442 is applied in firmware version information

📡 Detection & Monitoring

Log Indicators:

  • Unusual aee daemon crashes
  • Privilege escalation attempts in system logs
  • Unexpected System process spawns

Network Indicators:

  • None - local exploit only

SIEM Query:

Process creation where parent_process contains 'aee' AND process_integrity_level changes to SYSTEM
