December 2021 Product Security Bulletin

Published 2021-12-01
The MediaTek Product Security Bulletin contains details of security vulnerabilities affecting MediaTek Smartphone, Tablet, AIoT and Smart display chipsets. Device OEMs have been notified of all the issues and the corresponding security patches for at least two months before publication.

The severity of the identified vulnerabilities was conducted based on the Common Vulnerability Scoring System version 3.1 (CVSS v3.1).


Summary

Severity CVEs
High CVE-2021-0675, CVE-2021-0904
Medium CVE-2021-0676, CVE-2021-0677, CVE-2021-0678, CVE-2021-0679, CVE-2021-0893, CVE-2021-0894, CVE-2021-0895, CVE-2021-0896, CVE-2021-0897, CVE-2021-0898, CVE-2021-0899, CVE-2021-0900, CVE-2021-0901, CVE-2021-0902, CVE-2021-0903, CVE-2021-0673, CVE-2021-0674


Details

CVE CVE-2021-0675
Title Improper restriction of operations within the bounds of a memory buffer in alac decoder
Severity High
Vulnerability Type EoP
CWE CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
Description In alac decoder, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets MT6570, MT6580, MT6735, MT6737, MT6739, MT6750, MT6750S, MT6753, MT6755, MT6755S, MT6757, MT6757C, MT6757CD, MT6757CH, MT6758, MT6761, MT6763, MT6765, MT6768, MT6771, MT6779, MT6781, MT6785, MT6797, MT6799, MT6833, MT6853, MT6853T, MT6873, MT6877, MT6883, MT6885, MT6889, MT6893, MT8163, MT8167, MT8167S, MT8168, MT8173, MT8175, MT8176, MT8183, MT8185, MT8195, MT8321, MT8362A, MT8365, MT8385, MT8765, MT8766, MT8768, MT8786, MT8788, MT8789, MT8791, MT8797
Affected Software Versions Android 8.1, 9.0, 10.0, 11.0

CVE CVE-2021-0904
Title Incorrect permission assignment for critical resource in SRAMROM
Severity High
Vulnerability Type EoP
CWE CWE-732 Incorrect Permission Assignment for Critical Resource
Description In SRAMROM, there is a possible permission bypass due to an insecure permission setting. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets MT6771, MT8183, MT8385, MT8788
Affected Software Versions Android 8.1, 9.0, 10.0, 11.0

CVE CVE-2021-0676
Title Exposure of sensitive information to an unauthorized actor in geniezone driver
Severity Medium
Vulnerability Type ID
CWE CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
Description In geniezone driver, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets MT6762, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6833, MT6853, MT6853T, MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8163, MT8167, MT8167S, MT8168, MT8173, MT8175, MT8183, MT8185, MT8195, MT8321, MT8362A, MT8365, MT8385, MT8735A, MT8735B, MT8765, MT8766, MT8768, MT8771, MT8786, MT8788, MT8789, MT8791, MT8797
Affected Software Versions Android 8.1, 9.0, 10.0, 11.0

CVE CVE-2021-0677
Title Integer overflow or wraparound in ccu driver
Severity Medium
Vulnerability Type ID
CWE CWE-190 Integer Overflow or Wraparound
Description In ccu driver, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets MT6833, MT6853, MT6873, MT6877, MT6885, MT6889, MT8771, MT8791
Affected Software Versions Android 11.0

CVE CVE-2021-0678
Title Improper restriction of operations within the bounds of a memory buffer in apusys
Severity Medium
Vulnerability Type EoP
CWE CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
Description In apusys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8195, MT8791, MT8797
Affected Software Versions Android 10.0, 11.0, 12.0

CVE CVE-2021-0679
Title Improper check or handling of exceptional conditions in apusys
Severity Medium
Vulnerability Type EoP
CWE CWE-703 Improper Check or Handling of Exceptional Conditions
Description In apusys, there is a possible memory corruption due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8195, MT8791, MT8797
Affected Software Versions Android 10.0, 11.0, 12.0

CVE CVE-2021-0893
Title Use after free in apusys
Severity Medium
Vulnerability Type EoP
CWE CWE-416 Use After Free
Description In apusys, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8195, MT8791, MT8797
Affected Software Versions Android 10.0, 11.0, 12.0

CVE CVE-2021-0894
Title Improper restriction of operations within the bounds of a memory buffer in apusys
Severity Medium
Vulnerability Type EoP
CWE CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
Description In apusys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8195, MT8791, MT8797
Affected Software Versions Android 10.0, 11.0, 12.0

CVE CVE-2021-0895
Title Improper restriction of operations within the bounds of a memory buffer in apusys
Severity Medium
Vulnerability Type EoP
CWE CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
Description In apusys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8195, MT8791, MT8797
Affected Software Versions Android 10.0, 11.0, 12.0

CVE CVE-2021-0896
Title Improper restriction of operations within the bounds of a memory buffer in apusys
Severity Medium
Vulnerability Type EoP
CWE CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
Description In apusys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8195, MT8791, MT8797
Affected Software Versions Android 10.0, 11.0, 12.0

CVE CVE-2021-0897
Title Time-of-check time-of-use (toctou) race condition in apusys
Severity Medium
Vulnerability Type EoP
CWE CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition
Description In apusys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8195, MT8791, MT8797
Affected Software Versions Android 10.0, 11.0, 12.0

CVE CVE-2021-0898
Title Use after free in apusys
Severity Medium
Vulnerability Type EoP
CWE CWE-416 Use After Free
Description In apusys, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8195, MT8791, MT8797
Affected Software Versions Android 10.0, 11.0, 12.0

CVE CVE-2021-0899
Title Use after free in apusys
Severity Medium
Vulnerability Type EoP
CWE CWE-416 Use After Free
Description In apusys, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8195, MT8791, MT8797
Affected Software Versions Android 10.0, 11.0, 12.0

CVE CVE-2021-0900
Title Improper input validation in apusys
Severity Medium
Vulnerability Type ID
CWE CWE-20 Improper Input Validation
Description In apusys, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8195, MT8791, MT8797
Affected Software Versions Android 10.0, 11.0, 12.0

CVE CVE-2021-0901
Title Integer overflow or wraparound in apusys
Severity Medium
Vulnerability Type EoP
CWE CWE-190 Integer Overflow or Wraparound
Description In apusys, there is a possible memory corruption due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8195, MT8791, MT8797
Affected Software Versions Android 10.0, 11.0, 12.0

CVE CVE-2021-0902
Title Improper input validation in apusys
Severity Medium
Vulnerability Type ID
CWE CWE-20 Improper Input Validation
Description In apusys, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8195, MT8791, MT8797
Affected Software Versions Android 10.0, 11.0, 12.0

CVE CVE-2021-0903
Title Improper restriction of operations within the bounds of a memory buffer in apusys
Severity Medium
Vulnerability Type EoP
CWE CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
Description In apusys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8195, MT8791, MT8797
Affected Software Versions Android 10.0, 11.0, 12.0

CVE CVE-2021-0673
Title Improper input validation in Audio Aurisys HAL
Severity Medium
Vulnerability Type EoP
CWE CWE-20 Improper Input Validation
Description In Audio Aurisys HAL, there is a possible permission bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets MT6779, MT6781, MT6785, MT6853, MT6853T, MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8183, MT8185, MT8195, MT8321, MT8385, MT8765, MT8766, MT8768, MT8771, MT8786, MT8788, MT8789, MT8791, MT8797
Affected Software Versions Android 10.0, 11.0, 12.0

CVE CVE-2021-0674
Title Improper input validation in alac decoder
Severity Medium
Vulnerability Type ID
CWE CWE-20 Improper Input Validation
Description In alac decoder, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets MT6570, MT6580, MT6735, MT6737, MT6739, MT6750, MT6750S, MT6753, MT6755, MT6755S, MT6757, MT6757C, MT6757CD, MT6757CH, MT6758, MT6761, MT6763, MT6765, MT6768, MT6771, MT6779, MT6781, MT6785, MT6797, MT6799, MT6833, MT6853, MT6853T, MT6873, MT6877, MT6883, MT6885, MT6889, MT6893, MT8163, MT8167, MT8167S, MT8168, MT8173, MT8175, MT8176, MT8183, MT8185, MT8195, MT8321, MT8362A, MT8365, MT8385, MT8765, MT8766, MT8768, MT8786, MT8788, MT8789, MT8791, MT8797
Affected Software Versions Android 8.1, 9.0, 10.0, 11.0


Vulnerability Type Definition

Abbreviation Definition
RCE Remote Code Execution
EoP Elevation of Privilege
ID Information Disclosure
DoS Denial of Service
N/A Classification not available


Versions

Version Date Description
1.0 December 1, 2021 Bulletin published.


Notes

Information above is generated only at the time of creation of this Security Bulletin. The list of affected chipsets could be not complete. For any further information, device OEMs can reach your MediaTek contact person if needed.

If you want to report a security vulnerability in MediaTek chipsets or products, please go to Report Security Vulnerability page on MediaTek website.