CVE-2021-0896

Vulnerability

A missing bounds check in the apusys driver on MediaTek chipsets leads to an out-of-bounds write condition. The vulnerability affects chipsets including MT6570, MT6580, MT6735, MT6737, MT6739, MT6750, MT6750S, MT6753, MT6755, MT6755S, MT6757, MT6757C, MT6757CD, MT6757CH, MT6758, MT6761, MT6763, MT6765, MT6768, MT6771, MT6779, MT6781, MT6785, MT6797, MT6799, MT6833, and others [1]. The issue is identified as ALPS05672107 and ALPS05671206 [1].

Exploitation

Exploitation requires System execution privileges. No user interaction is needed. An attacker with such privileges can trigger the out-of-bounds write by sending crafted inputs to the apusys driver, bypassing the missing bounds check [1].

Impact

Successful exploitation leads to local escalation of privilege within the kernel, allowing the attacker to gain additional capabilities or compromise system integrity.

Mitigation

The fix is included in the December 2021 MediaTek Product Security Bulletin. Device OEMs have been notified and provided with security patches at least two months before publication [1]. Users should apply the updates from their device manufacturer when available.