CVE-2021-0895

Vulnerability

In the apusys driver on MediaTek chipsets, a missing bounds check leads to an out-of-bounds write. This vulnerability is present in the apusys component and requires System execution privileges to exploit. The affected versions include all chipsets using the apusys driver, as listed in the December 2021 MediaTek Product Security Bulletin [1]. The patch ID is ALPS05672107.

Exploitation

An attacker with System execution privileges can trigger the out-of-bounds write without any user interaction. The exact exploitation steps are not publicly detailed, but the missing bounds check allows writing beyond the allocated buffer, potentially corrupting kernel memory.

Impact

Successful exploitation leads to local escalation of privilege. Although the attacker already requires System execution privileges, the out-of-bounds write can be used to gain further control over the system, such as executing arbitrary code with elevated permissions or bypassing security mechanisms.

Mitigation

MediaTek released a patch (ALPS05672107) in the December 2021 Product Security Bulletin [1]. Device OEMs were notified at least two months before publication. Users should apply the security update from their device manufacturer. No workarounds are documented, and this CVE is not listed in the Known Exploited Vulnerabilities (KEV) catalog.