Unrated severity · NVD Advisory · Published Nov 18, 2021 · Updated Aug 3, 2024

CVE-2021-0657

Description

In apusys, there is a possible out of bounds write due to a stack-based buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672103; Issue ID: ALPS05672103.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A stack-based buffer overflow in MediaTek apusys could allow an attacker with system execution privileges to escalate privileges locally.

Vulnerability

A stack-based buffer overflow vulnerability exists in the apusys driver of MediaTek chipsets. This out-of-bounds write issue can be triggered locally by an attacker with System execution privileges. The vulnerability affects multiple MediaTek chipsets, including MT6731, MT6735, MT6737, MT6739, MT6750, MT6753, MT6755, MT6757, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, and others as listed in the November 2021 Product Security Bulletin [1]. No user interaction is required for exploitation. The patch is identified as ALPS05672103 [1].

Exploitation

An attacker with System execution privileges on an affected MediaTek device can exploit the stack-based buffer overflow in the apusys driver. No user interaction is needed, and the attack vector is local. The specific steps involve triggering the out-of-bounds write in the apusys code path, leading to memory corruption [1].

Impact

Successful exploitation could lead to local escalation of privilege (EoP). The attacker gains elevated privileges, potentially achieving arbitrary code execution in the kernel context or compromising the system's integrity, confidentiality, and availability [1].

Mitigation

MediaTek has released a security patch (ALPS05672103) as part of the November 2021 Product Security Bulletin [1]. Device OEMs have been notified and should integrate the patch into their firmware updates. Affected users should apply the latest security updates from their device manufacturer. No workaround is available if the patch is not applied.

References
  1. November 2021

AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
