CVE-2021-0666

Vulnerability

In the MediaTek apusys driver, an out-of-bounds read vulnerability exists due to an incorrect bounds check. This affects multiple chipsets including MT6731, MT6732, MT6735, MT6737, MT6739, MT6750, MT6750S, MT6752, MT6753, MT6755, MT6755S, MT6757, MT6757C, MT6757CD, MT6757CH, MT6758, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, and others [1]. The vulnerability is present in versions prior to patches released in November 2021.

Exploitation

An attacker must already have System execution privileges on the device. No user interaction is required for exploitation [1]. The attacker can trigger the out-of-bounds read by invoking the vulnerable code path in apusys.

Impact

Successful exploitation leads to local information disclosure, as the out-of-bounds read can leak sensitive kernel or user data [1]. The attacker gains no additional privileges beyond the System level they already possess.

Mitigation

MediaTek has released a security patch (ALPS05672086) as part of the November 2021 Product Security Bulletin [1]. Device OEMs should have applied the fix. Users should ensure their devices receive the latest security updates. No workarounds have been publicly disclosed.