SB2021111215 - Multiple vulnerabilities in MediaTek chipsets
Published: November 12, 2021 Updated: March 7, 2023
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 21 secuirty vulnerabilities.
1) Memory corruption (CVE-ID: CVE-2021-0658)
The vulnerability allows a local privileged application to execute arbitrary code.
The vulnerability exists due to a missing bounds check within apusys. A local privileged application can execute arbitrary code.
2) Memory corruption (CVE-ID: CVE-2021-0671)
The vulnerability allows a local privileged application to execute arbitrary code.
The vulnerability exists due to a missing bounds check within apusys. A local privileged application can execute arbitrary code.
3) Memory corruption (CVE-ID: CVE-2021-0670)
The vulnerability allows a local privileged application to execute arbitrary code.
The vulnerability exists due to a use after free within apusys. A local privileged application can execute arbitrary code.
4) Use After Free (CVE-ID: CVE-2021-0669)
The vulnerability allows a local privileged application to execute arbitrary code.
The vulnerability exists due to a use after free within apusys. A local privileged application can execute arbitrary code.
5) Improper Check or Handling of Exceptional Conditions (CVE-ID: CVE-2021-0668)
The vulnerability allows a local privileged application to execute arbitrary code.
The vulnerability exists due to incorrect error handling within apusys. A local privileged application can execute arbitrary code.
6) Use After Free (CVE-ID: CVE-2021-0667)
The vulnerability allows a local privileged application to execute arbitrary code.
The vulnerability exists due to a use after free within apusys. A local privileged application can execute arbitrary code.
7) Out-of-bounds read (CVE-ID: CVE-2021-0666)
The vulnerability allows a local privileged application to gain access to sensitive information.
The vulnerability exists due to an incorrect bounds check within apusys. A local privileged application can gain access to sensitive information.
8) Out-of-bounds read (CVE-ID: CVE-2021-0665)
The vulnerability allows a local privileged application to gain access to sensitive information.
The vulnerability exists due to an incorrect bounds check within apusys. A local privileged application can gain access to sensitive information.
9) Memory corruption (CVE-ID: CVE-2021-0664)
The vulnerability allows a local privileged application to execute arbitrary code.
The vulnerability exists due to a use after free within ccu. A local privileged application can execute arbitrary code.
10) Out-of-bounds read (CVE-ID: CVE-2021-0659)
The vulnerability allows a local privileged application to gain access to sensitive information.
The vulnerability exists due to an incorrect bounds check within apusys. A local privileged application can gain access to sensitive information.
11) Stack-based buffer overflow (CVE-ID: CVE-2021-0657)
The vulnerability allows a local privileged application to execute arbitrary code.
The vulnerability exists due to a stack within apusys. A local privileged application can execute arbitrary code.
12) Information Exposure (CVE-ID: CVE-2021-0672)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a missing permission check within Browser app. A local application can gain access to sensitive information.
13) Use After Free (CVE-ID: CVE-2021-0656)
The vulnerability allows a local privileged application to execute arbitrary code.
The vulnerability exists due to a use after free within edma driver. A local privileged application can execute arbitrary code.
14) Memory corruption (CVE-ID: CVE-2021-0655)
The vulnerability allows a local privileged application to execute arbitrary code.
The vulnerability exists due to an incorrect bounds check within mdlactl driver. A local privileged application can execute arbitrary code.
15) Memory corruption (CVE-ID: CVE-2021-0629)
The vulnerability allows a local privileged application to execute arbitrary code.
The vulnerability exists due to a use after free within mdlactl driver. A local privileged application can execute arbitrary code.
16) Out-of-bounds read (CVE-ID: CVE-2021-0624)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a heap buffer overflow within flv extractor. A local application can gain access to sensitive information.
17) Out-of-bounds read (CVE-ID: CVE-2021-0623)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to an integer overflow within asf extractor. A local application can gain access to sensitive information.
18) Out-of-bounds read (CVE-ID: CVE-2021-0622)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a heap buffer overflow within asf extractor. A local application can gain access to sensitive information.
19) Out-of-bounds read (CVE-ID: CVE-2021-0621)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to an integer overflow within asf extractor. A local application can gain access to sensitive information.
20) Out-of-bounds read (CVE-ID: CVE-2021-0620)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a heap buffer overflow within asf extractor. A local application can gain access to sensitive information.
21) Out-of-bounds read (CVE-ID: CVE-2021-0619)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a missing bounds check within ape extractor. A local application can gain access to sensitive information.
Remediation
Install update from vendor's website.