CVE-2021-0658
Description
In apusys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05672107.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Out-of-bounds write in MediaTek apusys driver allows local escalation of privilege with System execution privileges.
Vulnerability
In the apusys driver on MediaTek chipsets, a missing bounds check allows an out-of-bounds write. This vulnerability affects MediaTek platforms that include the apusys driver. The specific affected chipset list is not detailed in the available reference [1], but the bulletin covers multiple MediaTek chipsets.
Exploitation
An attacker with System execution privileges can trigger the out-of-bounds write without user interaction. The exact exploitation steps are not publicly disclosed, but the missing bounds check can be leveraged to write beyond allocated memory.
Impact
Successful exploitation leads to local escalation of privilege. The attacker can corrupt kernel memory, potentially gaining elevated privileges or causing a denial of service. The impact is limited to local access with required system privileges.
Mitigation
MediaTek has released a patch identified as ALPS05672107 as part of the November 2021 Product Security Bulletin [1]. Device OEMs are advised to apply the patch. No workaround is documented.
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- apusys/apusysdescription
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1- corp.mediatek.com/product-security-bulletin/November-2021mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.