CVE-2022-32656

moderate-risk

Published 2023-02-06

In Wi-Fi driver, there is a possible undefined behavior due to incorrect error handling. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220705035; Issue ID: GN20220705035.

Do I need to act?

0.16% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 6.7/10 Medium

LOCAL / LOW complexity

Affected Products (20)

Mt5221 Firmware

Mt7603 Firmware

Mt7613 Firmware

Mt7615 Firmware

Mt7622 Firmware

Mt7628 Firmware

Mt7629 Firmware

Mt7663 Firmware

Mt7668 Firmware

Mt7682 Firmware

Mt7686 Firmware

Mt7687 Firmware

Mt7697 Firmware

Mt7902 Firmware

Mt7915 Firmware

Mt7916 Firmware

Mt7921 Firmware

Mt7933 Firmware

Mt7981 Firmware

Mt7986 Firmware

Affected Vendors

Mediatek

References (2)

Vendor Advisory https://corp.mediatek.com/product-security-bulletin/February-2023

/ 100

moderate-risk

Severity 21/34 · High

Exploitability 1/34 · Minimal

Exposure 22/34 · High