Headline
CVE-2021-0673: December 2021
In Audio Aurisys HAL, there is a possible permission bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05977326; Issue ID: ALPS05977326.
December 2021 Product Security Bulletin
Published December 1, 2021
The MediaTek Product Security Bulletin contains details of security vulnerabilities affecting MediaTek Smartphone, Tablet, AIoT and Smart display chipsets. Device OEMs have been notified of all the issues and the corresponding security patches for at least two months before publication.
The severity of the identified vulnerabilities was conducted based on the Common Vulnerability Scoring System version 3.1 (CVSS v3.1).
****Summary****
Severity
CVEs
High
CVE-2021-0675, CVE-2021-0904
Medium
CVE-2021-0676, CVE-2021-0677, CVE-2021-0678, CVE-2021-0679, CVE-2021-0893, CVE-2021-0894, CVE-2021-0895, CVE-2021-0896, CVE-2021-0897, CVE-2021-0898, CVE-2021-0899, CVE-2021-0900, CVE-2021-0901, CVE-2021-0902, CVE-2021-0903, CVE-2021-0673, CVE-2021-0674
****Details****
CVE
CVE-2021-0675
Title
Improper restriction of operations within the bounds of a memory buffer in alac decoder
Severity
High
Vulnerability Type
EoP
CWE
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
Description
In alac decoder, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets
MT6570, MT6580, MT6735, MT6737, MT6739, MT6750, MT6750S, MT6753, MT6755, MT6755S, MT6757, MT6757C, MT6757CD, MT6757CH, MT6758, MT6761, MT6763, MT6765, MT6768, MT6771, MT6779, MT6781, MT6785, MT6797, MT6799, MT6833, MT6853, MT6853T, MT6873, MT6877, MT6883, MT6885, MT6889, MT6893, MT8163, MT8167, MT8167S, MT8168, MT8173, MT8175, MT8176, MT8183, MT8185, MT8195, MT8321, MT8362A, MT8365, MT8385, MT8765, MT8766, MT8768, MT8786, MT8788, MT8789, MT8791, MT8797
Affected Software Versions
Android 8.1, 9.0, 10.0, 11.0
CVE
CVE-2021-0904
Title
Incorrect permission assignment for critical resource in SRAMROM
Severity
High
Vulnerability Type
EoP
CWE
CWE-732 Incorrect Permission Assignment for Critical Resource
Description
In SRAMROM, there is a possible permission bypass due to an insecure permission setting. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets
MT6771, MT8183, MT8385, MT8788
Affected Software Versions
Android 8.1, 9.0, 10.0, 11.0
CVE
CVE-2021-0676
Title
Exposure of sensitive information to an unauthorized actor in geniezone driver
Severity
Medium
Vulnerability Type
ID
CWE
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
Description
In geniezone driver, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets
MT6762, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6833, MT6853, MT6853T, MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8163, MT8167, MT8167S, MT8168, MT8173, MT8175, MT8183, MT8185, MT8195, MT8321, MT8362A, MT8365, MT8385, MT8735A, MT8735B, MT8765, MT8766, MT8768, MT8771, MT8786, MT8788, MT8789, MT8791, MT8797
Affected Software Versions
Android 8.1, 9.0, 10.0, 11.0
CVE
CVE-2021-0677
Title
Integer overflow or wraparound in ccu driver
Severity
Medium
Vulnerability Type
ID
CWE
CWE-190 Integer Overflow or Wraparound
Description
In ccu driver, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets
MT6833, MT6853, MT6873, MT6877, MT6885, MT6889, MT8771, MT8791
Affected Software Versions
Android 11.0
CVE
CVE-2021-0678
Title
Improper restriction of operations within the bounds of a memory buffer in apusys
Severity
Medium
Vulnerability Type
EoP
CWE
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
Description
In apusys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets
MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8195, MT8791, MT8797
Affected Software Versions
Android 10.0, 11.0, 12.0
CVE
CVE-2021-0679
Title
Improper check or handling of exceptional conditions in apusys
Severity
Medium
Vulnerability Type
EoP
CWE
CWE-703 Improper Check or Handling of Exceptional Conditions
Description
In apusys, there is a possible memory corruption due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets
MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8195, MT8791, MT8797
Affected Software Versions
Android 10.0, 11.0, 12.0
CVE
CVE-2021-0893
Title
Use after free in apusys
Severity
Medium
Vulnerability Type
EoP
CWE
CWE-416 Use After Free
Description
In apusys, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets
MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8195, MT8791, MT8797
Affected Software Versions
Android 10.0, 11.0, 12.0
CVE
CVE-2021-0894
Title
Improper restriction of operations within the bounds of a memory buffer in apusys
Severity
Medium
Vulnerability Type
EoP
CWE
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
Description
In apusys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets
MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8195, MT8791, MT8797
Affected Software Versions
Android 10.0, 11.0, 12.0
CVE
CVE-2021-0895
Title
Improper restriction of operations within the bounds of a memory buffer in apusys
Severity
Medium
Vulnerability Type
EoP
CWE
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
Description
In apusys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets
MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8195, MT8791, MT8797
Affected Software Versions
Android 10.0, 11.0, 12.0
CVE
CVE-2021-0896
Title
Improper restriction of operations within the bounds of a memory buffer in apusys
Severity
Medium
Vulnerability Type
EoP
CWE
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
Description
In apusys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets
MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8195, MT8791, MT8797
Affected Software Versions
Android 10.0, 11.0, 12.0
CVE
CVE-2021-0897
Title
Time-of-check time-of-use (toctou) race condition in apusys
Severity
Medium
Vulnerability Type
EoP
CWE
CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition
Description
In apusys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets
MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8195, MT8791, MT8797
Affected Software Versions
Android 10.0, 11.0, 12.0
CVE
CVE-2021-0898
Title
Use after free in apusys
Severity
Medium
Vulnerability Type
EoP
CWE
CWE-416 Use After Free
Description
In apusys, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets
MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8195, MT8791, MT8797
Affected Software Versions
Android 10.0, 11.0, 12.0
CVE
CVE-2021-0899
Title
Use after free in apusys
Severity
Medium
Vulnerability Type
EoP
CWE
CWE-416 Use After Free
Description
In apusys, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets
MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8195, MT8791, MT8797
Affected Software Versions
Android 10.0, 11.0, 12.0
CVE
CVE-2021-0900
Title
Improper input validation in apusys
Severity
Medium
Vulnerability Type
ID
CWE
CWE-20 Improper Input Validation
Description
In apusys, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets
MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8195, MT8791, MT8797
Affected Software Versions
Android 10.0, 11.0, 12.0
CVE
CVE-2021-0901
Title
Integer overflow or wraparound in apusys
Severity
Medium
Vulnerability Type
EoP
CWE
CWE-190 Integer Overflow or Wraparound
Description
In apusys, there is a possible memory corruption due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets
MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8195, MT8791, MT8797
Affected Software Versions
Android 10.0, 11.0, 12.0
CVE
CVE-2021-0902
Title
Improper input validation in apusys
Severity
Medium
Vulnerability Type
ID
CWE
CWE-20 Improper Input Validation
Description
In apusys, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets
MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8195, MT8791, MT8797
Affected Software Versions
Android 10.0, 11.0, 12.0
CVE
CVE-2021-0903
Title
Improper restriction of operations within the bounds of a memory buffer in apusys
Severity
Medium
Vulnerability Type
EoP
CWE
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
Description
In apusys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets
MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8195, MT8791, MT8797
Affected Software Versions
Android 10.0, 11.0, 12.0
CVE
CVE-2021-0673
Title
Improper input validation in Audio Aurisys HAL
Severity
Medium
Vulnerability Type
EoP
CWE
CWE-20 Improper Input Validation
Description
In Audio Aurisys HAL, there is a possible permission bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets
MT6779, MT6781, MT6785, MT6853, MT6853T, MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8183, MT8185, MT8195, MT8321, MT8385, MT8765, MT8766, MT8768, MT8771, MT8786, MT8788, MT8789, MT8791, MT8797
Affected Software Versions
Android 10.0, 11.0, 12.0
CVE
CVE-2021-0674
Title
Improper input validation in alac decoder
Severity
Medium
Vulnerability Type
ID
CWE
CWE-20 Improper Input Validation
Description
In alac decoder, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets
MT6570, MT6580, MT6735, MT6737, MT6739, MT6750, MT6750S, MT6753, MT6755, MT6755S, MT6757, MT6757C, MT6757CD, MT6757CH, MT6758, MT6761, MT6763, MT6765, MT6768, MT6771, MT6779, MT6781, MT6785, MT6797, MT6799, MT6833, MT6853, MT6853T, MT6873, MT6877, MT6883, MT6885, MT6889, MT6893, MT8163, MT8167, MT8167S, MT8168, MT8173, MT8175, MT8176, MT8183, MT8185, MT8195, MT8321, MT8362A, MT8365, MT8385, MT8765, MT8766, MT8768, MT8786, MT8788, MT8789, MT8791, MT8797
Affected Software Versions
Android 8.1, 9.0, 10.0, 11.0
****Vulnerability Type Definition****
Abbreviation
Definition
RCE
Remote Code Execution
EoP
Elevation of Privilege
ID
Information Disclosure
DoS
Denial of Service
N/A
Classification not available
****Versions****
Version
Date
Description
1.0
December 1, 2021
Bulletin published.
****Notes****
Information above is generated only at the time of creation of this Security Bulletin. The list of affected chipsets could be not complete. For any further information, device OEMs can reach your MediaTek contact person if needed.
If you want to report a security vulnerability in MediaTek chipsets or products, please go to Report Security Vulnerability page on MediaTek website.