CVE-2022-32663

CVSS 7.5 HIGHEPSS 1.6%CWE-476

In short

A flaw in the Wi-Fi driver can cause the system to crash when it encounters a null pointer, allowing an attacker to remotely shut down a device without needing special permissions or user interaction.

Technical detail

A null pointer dereference vulnerability in the Wi-Fi driver allows remote denial of service attacks. The vulnerability requires network-level access to send malformed Wi-Fi packets that trigger the crash, with no authentication or user interaction needed.

Summary generated and translated by AI from the official description.

In Wi-Fi driver, there is a possible system crash due to null pointer dereference. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220720014; Issue ID: GN20220720014.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected products

MediaTek, Inc. · MT5221, MT7603, MT7613, MT7615, MT7622, MT7628, MT7629, MT7668, MT7902, MT7915, MT7916, MT7921, MT7981, MT7986, MT8167S, MT8175, MT8362A, MT8365, MT8385, MT8518S, MT8532, MT8788

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://corp.mediatek.com/product-security-bulletin/February-2023