CVE-2021-0902
Description
In apusys, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05656484.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Out-of-bounds read in MediaTek apusys leads to local information disclosure; requires System privileges. No user interaction needed.
Vulnerability
In apusys of MediaTek chipsets, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure. Affected chipsets include many MediaTek SoCs as listed in the bulletin (e.g., MT6570, MT6580, etc.). System execution privileges are needed. Patch ID: ALPS05672107. Issue ID: ALPS05656484. [1]
Exploitation
An attacker with System execution privileges can exploit this vulnerability by triggering the out-of-bounds read. User interaction is not needed. The exact steps are not disclosed. [1]
Impact
Successful exploitation allows an attacker to read memory beyond the intended bounds, leading to information disclosure. The attacker gains access to sensitive data but does not achieve code execution or privilege escalation. [1]
Mitigation
MediaTek has released patches as part of the December 2021 Product Security Bulletin. Device OEMs have been notified. Users should apply the security patch from their device manufacturer. No workaround is available. [1]
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- apusys/apusysdescription
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1- corp.mediatek.com/product-security-bulletin/December-2021mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.