CVE-2021-0670

Vulnerability

A use-after-free vulnerability exists in the apusys driver of MediaTek chipsets. This memory corruption bug can be triggered when the driver improperly handles object lifetimes, leading to a use-after-free condition. The vulnerability is identified by Patch ID ALPS05654663 and affects multiple MediaTek chipsets as listed in the November 2021 Product Security Bulletin [1].

Exploitation

An attacker with System execution privileges can exploit this vulnerability without any user interaction. By sending a specially crafted request to the apusys driver, the attacker can trigger the use-after-free, potentially corrupting kernel memory. The exact exploitation steps are not publicly detailed, but the condition is reachable from a privileged context.

Impact

Successful exploitation allows an attacker with System privileges to escalate privileges further, potentially achieving arbitrary code execution in the kernel context. This could lead to full compromise of the device's security mechanisms, including bypassing access controls and gaining persistent elevated access.

Mitigation

MediaTek has provided a patch (ALPS05654663) to device OEMs as part of the November 2021 security update. Users should apply the security update from their device manufacturer to remediate this vulnerability. No workarounds are available, and the vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog as of the publication date.