CVE-2021-0893

Vulnerability

In the MediaTek apusys driver, a use-after-free vulnerability (CWE-416) exists that can lead to memory corruption. The affected chipsets include MT6570, MT6580, MT6735, MT6737, MT6739, MT6750, MT6750S, MT6753, MT6755, MT6755S, MT6757, MT6757C, MT6757CD, MT6757CH, MT6758, MT6761, MT6763, MT6765, MT6768, MT6771, MT6779, MT6781, MT6785, MT6797, MT6799, MT6833, among others. The issue is identified by MediaTek as ALPS05672107. System execution privileges are required to reach the vulnerable code path [1].

Exploitation

An attacker needs already to have SYSTEM execution privileges on a device using an affected SoC. No user interaction is required. With those privileges, the attacker can trigger a use-after-free condition in the apusys driver, leading to memory corruption [1].

Impact

Successful exploitation allows an attacker with SYSTEM privileges to corrupt memory, which can be leveraged for local escalation of privilege (EoP) to gain higher-level control over the device. The vulnerability is rated as Medium severity (CVSS v3.1 base score not specified in the bulletin) [1].

Mitigation

MediaTek released security patches for this vulnerability as part of the December 2021 Product Security Bulletin. Device OEMs were notified at least two months prior to the bulletin's publication (2021-12-01). Users should apply the firmware update from their device vendor to mitigate the issue [1]. If a patch is not yet available, no workaround is documented.