CVE-2021-0898

Vulnerability

A use-after-free vulnerability exists in the apusys driver of MediaTek chipsets. The bug occurs when a memory object is freed but still referenced, leading to potential memory corruption. The vulnerability is present in affected MediaTek chipsets that include the apusys driver. The specific patch ID is ALPS05672107 and issue ID ALPS05672071. The MediaTek December 2021 Product Security Bulletin lists this CVE as Medium severity [1].

Exploitation

An attacker must already have System execution privileges on the device to exploit this vulnerability. No user interaction is required. The attacker can trigger the use-after-free condition, causing memory corruption that can be leveraged for further privilege escalation.

Impact

Successful exploitation leads to local escalation of privilege. An attacker with System privileges can gain higher-level access, potentially compromising the entire system's confidentiality, integrity, or availability.

Mitigation

MediaTek released a patch for this vulnerability in the December 2021 Product Security Bulletin [1]. Device OEMs have been notified and are expected to provide updates to end users. Users should apply the latest security patches from their device manufacturer. No workaround is available.