CVE-2021-0417: August 2021

August 2021 Product Security Bulletin

Published 2021-08-05

The MediaTek Product Security Bulletin contains details of security vulnerabilities affecting MediaTek smartphone chipsets. Device OEMs have been notified of all the issues and the corresponding security patches for at least a month before publication.

The severity of the identified vulnerabilities was conducted based on the Common Vulnerability Scoring System version 3.1 (CVSS v3.1).

****Summary****

Severity

CVEs

High

CVE-2021-0573, CVE-2021-0574, CVE-2021-0576, CVE-2021-0578, CVE-2021-0579, CVE-2021-0580, CVE-2021-0581, CVE-2021-0582

Medium

CVE-2021-0407, CVE-2021-0408, CVE-2021-0415, CVE-2021-0416, CVE-2021-0417, CVE-2021-0418, CVE-2021-0419, CVE-2021-0420, CVE-2021-0626, CVE-2021-0627, CVE-2021-0628

****Details****

CVE

CVE-2021-0573

Title

Improper check or handling of exceptional conditions in asf extractor

Severity

High

Vulnerability Type

EoP

CWE

CWE-703 Improper Check or Handling of Exceptional Conditions

Description

In asf extractor, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6570, MT6580, MT6735, MT6737, MT6739, MT6750, MT6750S, MT6753, MT6755, MT6755S, MT6757, MT6757C, MT6757CD, MT6757CH, MT6758, MT6761, MT6762, MT6763, MT6765, MT6768, MT6771, MT6779, MT6785, MT6797, MT6799, MT6833, MT6853, MT6853T, MT6873, MT6877, MT6885, MT6889, MT6893

Affected Software Versions

Android 8.1, 9.0, 10.0, 11.0

CVE

CVE-2021-0574

Title

Out-of-bounds write in asf extractor

Severity

High

Vulnerability Type

EoP

CWE

CWE-787 Out-of-bounds Write

Description

In asf extractor, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6570, MT6580, MT6735, MT6737, MT6739, MT6750, MT6750S, MT6753, MT6755, MT6755S, MT6757, MT6757C, MT6757CD, MT6757CH, MT6758, MT6761, MT6762, MT6763, MT6765, MT6768, MT6771, MT6779, MT6785, MT6797, MT6799, MT6833, MT6853, MT6853T, MT6873, MT6877, MT6885, MT6889, MT6893

Affected Software Versions

Android 8.1, 9.0, 10.0, 11.0

CVE

CVE-2021-0576

Title

Heap overflow in flv extractor

Severity

High

Vulnerability Type

EoP

CWE

CWE-122 Heap Overflow

Description

In flv extractor, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6570, MT6580, MT6735, MT6737, MT6739, MT6750, MT6750S, MT6753, MT6755, MT6755S, MT6757, MT6757C, MT6757CD, MT6757CH, MT6758, MT6761, MT6762, MT6763, MT6765, MT6768, MT6771, MT6779, MT6785, MT6797, MT6799, MT6833, MT6853, MT6853T, MT6873, MT6877, MT6885, MT6889, MT6893

Affected Software Versions

Android 8.1, 9.0, 10.0, 11.0

CVE

CVE-2021-0578

Title

Out-of-bounds read in wifi driver

Severity

High

Vulnerability Type

ID

CWE

CWE-125 Out-of-bounds Read

Description

In wifi driver, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure to a proximal attacker with no additional execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6761, MT6762, MT6765, MT6768, MT6779, MT6785, MT6833, MT6853, MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893

Affected Software Versions

Android 8.1, 9.0, 10.0, 11.0

CVE

CVE-2021-0579

Title

Buffer over-read in wifi driver

Severity

High

Vulnerability Type

ID

CWE

CWE-126 Buffer Over-read

Description

In wifi driver, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure to a proximal attacker with no additional execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6761, MT6762, MT6765, MT6768, MT6779, MT6785, MT6833, MT6853, MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893

Affected Software Versions

Android 8.1, 9.0, 10.0, 11.0

CVE

CVE-2021-0580

Title

Integer underflow in wifi driver

Severity

High

Vulnerability Type

ID

CWE

CWE-191 Integer Underflow

Description

In wifi driver, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure to a proximal attacker with no additional execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6761, MT6762, MT6765, MT6768, MT6779, MT6785, MT6833, MT6853, MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893

Affected Software Versions

Android 8.1, 9.0, 10.0, 11.0

CVE

CVE-2021-0581

Title

Out-of-bounds read in wifi driver

Severity

High

Vulnerability Type

ID

CWE

CWE-125 Out-of-bounds Read

Description

In wifi driver, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure to a proximal attacker with no additional execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6761, MT6762, MT6765, MT6768, MT6779, MT6785, MT6833, MT6853, MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893

Affected Software Versions

Android 8.1, 9.0, 10.0, 11.0

CVE

CVE-2021-0582

Title

Out-of-bounds read in wifi driver

Severity

High

Vulnerability Type

ID

CWE

CWE-125 Out-of-bounds Read

Description

In wifi driver, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure to a proximal attacker with no additional execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6761, MT6762, MT6765, MT6768, MT6779, MT6785, MT6833, MT6853, MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893

Affected Software Versions

Android 8.1, 9.0, 10.0, 11.0

CVE

CVE-2021-0407

Title

Write-what-where condition in clk driver

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-123 Write-what-where Condition

Description

In clk driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6739, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6833, MT6853, MT6853T, MT6873, MT6885, MT6889, MT6893

Affected Software Versions

Android 10.0, 11.0

CVE

CVE-2021-0408

Title

Improper check or handling of exceptional conditions in asf extractor

Severity

Medium

Vulnerability Type

ID

CWE

CWE-703 Improper Check or Handling of Exceptional Conditions

Description

In asf extractor, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6570, MT6580, MT6735, MT6737, MT6739, MT6750, MT6750S, MT6753, MT6755, MT6755S, MT6757, MT6757C, MT6757CD, MT6757CH, MT6758, MT6761, MT6762, MT6763, MT6765, MT6768, MT6771, MT6779, MT6785, MT6797, MT6799, MT6833, MT6853, MT6853T, MT6873, MT6877, MT6885, MT6889, MT6893

Affected Software Versions

Android 10.0, 11.0

CVE

CVE-2021-0415

Title

Information disclosure in memory management driver

Severity

Medium

Vulnerability Type

ID

CWE

CWE-200 Information Disclosure

Description

In memory management driver, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6580, MT6582E, MT6582H, MT6582T, MT6582W, MT6582_90, MT6589, MT6589TD, MT6592E, MT6592H, MT6592T, MT6592W, MT6592_90, MT6595, MT6731, MT6732, MT6735, MT6737, MT6739, MT6750, MT6750S, MT6752, MT6753, MT6755, MT6755S, MT6757, MT6757C, MT6757CD, MT6757CH, MT6758, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6785, MT6795, MT6797, MT6799, MT6833, MT6853, MT6853T, MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893

Affected Software Versions

Android 10.0, 11.0

CVE

CVE-2021-0416

Title

Improper input validation in memory management driver

Severity

Medium

Vulnerability Type

ID

CWE

CWE-20 Improper Input Validation

Description

In memory management driver, there is a possible system crash due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6580, MT6582E, MT6582H, MT6582T, MT6582W, MT6582_90, MT6589, MT6589TD, MT6592E, MT6592H, MT6592T, MT6592W, MT6592_90, MT6595, MT6731, MT6732, MT6735, MT6737, MT6739, MT6750, MT6750S, MT6752, MT6753, MT6755, MT6755S, MT6757, MT6757C, MT6757CD, MT6757CH, MT6758, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6785, MT6795, MT6797, MT6799, MT6833, MT6853, MT6853T, MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893

Affected Software Versions

Android 10.0, 11.0

CVE

CVE-2021-0417

Title

Use of insufficiently random values in memory management driver

Severity

Medium

Vulnerability Type

ID

CWE

CWE-330 Use of Insufficiently Random Values

Description

In memory management driver, there is a possible system crash due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6580, MT6582E, MT6582H, MT6582T, MT6582W, MT6582_90, MT6589, MT6589TD, MT6592E, MT6592H, MT6592T, MT6592W, MT6592_90, MT6595, MT6731, MT6732, MT6735, MT6737, MT6739, MT6750, MT6750S, MT6752, MT6753, MT6755, MT6755S, MT6757, MT6757C, MT6757CD, MT6757CH, MT6758, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6785, MT6795, MT6797, MT6799, MT6833, MT6853, MT6853T, MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893

Affected Software Versions

Android 10.0, 11.0

CVE

CVE-2021-0418

Title

Denial of service in memory management driver

Severity

Medium

Vulnerability Type

DoS

CWE

CWE-400 Denial of Service

Description

In memory management driver, there is a possible system crash due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6580, MT6582E, MT6582H, MT6582T, MT6582W, MT6582_90, MT6589, MT6589TD, MT6592E, MT6592H, MT6592T, MT6592W, MT6592_90, MT6595, MT6731, MT6732, MT6735, MT6737, MT6739, MT6750, MT6750S, MT6752, MT6753, MT6755, MT6755S, MT6757, MT6757C, MT6757CD, MT6757CH, MT6758, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6785, MT6795, MT6797, MT6799, MT6833, MT6853, MT6853T, MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893

Affected Software Versions

Android 10.0, 11.0

CVE

CVE-2021-0419

Title

Denial of service in memory management driver

Severity

Medium

Vulnerability Type

DoS

CWE

CWE-400 Denial of Service

Description

In memory management driver, there is a possible system crash due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6580, MT6582E, MT6582H, MT6582T, MT6582W, MT6582_90, MT6589, MT6589TD, MT6592E, MT6592H, MT6592T, MT6592W, MT6592_90, MT6595, MT6731, MT6732, MT6735, MT6737, MT6739, MT6750, MT6750S, MT6752, MT6753, MT6755, MT6755S, MT6757, MT6757C, MT6757CD, MT6757CH, MT6758, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6785, MT6795, MT6797, MT6799, MT6833, MT6853, MT6853T, MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893

Affected Software Versions

Android 10.0, 11.0

CVE

CVE-2021-0420

Title

Denial of service in memory management driver

Severity

Medium

Vulnerability Type

DoS

CWE

CWE-400 Denial of Service

Description

In memory management driver, there is a possible system crash due to a missing bounds check. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6580, MT6582E, MT6582H, MT6582T, MT6582W, MT6582_90, MT6589, MT6589TD, MT6592E, MT6592H, MT6592T, MT6592W, MT6592_90, MT6595, MT6731, MT6732, MT6735, MT6737, MT6739, MT6750, MT6750S, MT6752, MT6753, MT6755, MT6755S, MT6757, MT6757C, MT6757CD, MT6757CH, MT6758, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6785, MT6795, MT6797, MT6799, MT6833, MT6853, MT6853T, MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893

Affected Software Versions

Android 10.0, 11.0

CVE

CVE-2021-0626

Title

Out-of-bounds write in ged

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-787 Out-of-bounds Write

Description

In ged, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6768, MT6771, MT6779, MT6785

Affected Software Versions

Android 9.0, 10.0, 11.0

CVE

CVE-2021-0627

Title

Integer overflow or wraparound in OMA DRM

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-190 Integer Overflow or Wraparound

Description

In OMA DRM, there is a possible memory corruption due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6580, MT6735, MT6739, MT6755S, MT6757, MT6761, MT6763, MT6765, MT6768, MT6771, MT6785, MT6833, MT6853, MT6873, MT6877, MT6885

Affected Software Versions

Android 10.0, 11.0

CVE

CVE-2021-0628

Title

Improper input validation in OMA DRM

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-20 Improper Input Validation

Description

In OMA DRM, there is a possible memory corruption due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6580, MT6735, MT6739, MT6755S, MT6757, MT6761, MT6763, MT6765, MT6768, MT6771, MT6779, MT6785, MT6833, MT6853, MT6873, MT6877, MT6885

Affected Software Versions

Android 10.0, 11.0

****Vulnerability Type Definition****

Abbreviation

Definition

RCE

Remote Code Execution

EoP

Elevation of Privilege

ID

Information Disclosure

DoS

Denial of Service

N/A

Classification not available

****Versions****

Version

Date

Description

1.0

August 5, 2021

Bulletin published.

****Notes****

Information above is generated only at the time of creation of this Security Bulletin. The list of affected chipsets could be not complete. For any further information, device OEMs can reach your MediaTek contact person if needed.

If you want to report a security vulnerability in MediaTek chipsets or products, please go to Report Security Vulnerability page on MediaTek website.