CVE-2021-0678

Vulnerability

In the apusys driver of MediaTek chipsets, a missing bounds check allows an out-of-bounds write. This vulnerability is present in components affected by the patch ALPS05672107. Affected chipsets include MT6570, MT6580, MT6735, MT6737, MT6739, MT6750, MT6750S, MT6753, MT6755, MT6755S, MT6757, MT6757C, MT6757CD, MT6757CH, MT6758, MT6761, MT6763, MT6765, MT6768, MT6771, MT6779, MT6781, MT6785, MT6797, MT6799, MT6833, and others [1].

Exploitation

An attacker with System execution privileges can trigger the out-of-bounds write without user interaction. The precise sequence of steps is not detailed in the available references, but the missing bounds check can be exploited via a crafted operation on the apusys driver [1].

Impact

Successful exploitation leads to local escalation of privilege. The attacker can corrupt memory, potentially gaining elevated privileges within the kernel or executing arbitrary code with higher privileges [1].

Mitigation

MediaTek has released a patch identified as ALPS05672107. Device OEMs have been notified and are expected to deploy the fix via firmware updates. Users should check for and apply security updates from their device manufacturer [1].