VYPR
Unrated severity · NVD Advisory · Published Dec 17, 2021 · Updated Aug 3, 2024

CVE-2021-0903

Description

In apusys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05656488.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A missing bounds check in the MediaTek apusys driver allows a local out-of-bounds write, leading to escalation of privilege to System.

Vulnerability

CVE-2021-0903 is an out-of-bounds write vulnerability in the apusys driver of MediaTek chipsets. It is caused by a missing bounds check when handling certain operations. Affected chipsets include MT6570, MT6580, MT6735, MT6737, MT6739, MT6750, MT6750S, MT6753, MT6755, MT6755S, MT6757, MT6757C, MT6757CD, MT6757CH, MT6758, MT6761, MT6763, MT6765, MT6768, MT6771, MT6779, MT6781, MT6785, MT6797, MT6799, MT6833, and others listed in the December 2021 MediaTek Product Security Bulletin [1]. The vulnerability is addressed by patch ALPS05672107.

Exploitation

Exploitation requires System execution privileges. No user interaction is needed, and no additional execution privileges beyond the initial System level are required. An attacker with System access can trigger the out-of-bounds write to corrupt kernel memory or other critical structures.

Impact

Successful exploitation allows an attacker with System privileges to escalate their privileges further within the kernel context, potentially achieving arbitrary code execution at the highest privilege level, System. This can lead to full compromise of the device's confidentiality, integrity, and availability.

Mitigation

The fix was included in the December 2021 MediaTek Product Security Bulletin [1]. Device OEMs are expected to apply patch ALPS05672107. Users should install the latest security updates from their device manufacturer. No workaround is available, and the issue is not listed in CISA's Known Exploited Vulnerabilities (KEV) catalog as of the publication date.

References
  1. December 2021

AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
