SB2022053102 - Multiple vulnerabilities in MediaTek Chipsets

Description

This security bulletin contains information about 18 secuirty vulnerabilities.

1) Out-of-bounds read (CVE-ID: CVE-2021-0674)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition in alac decoder. A remote attacker can trigger out-of-bounds read error and read contents of memory on the system.

2) Buffer overflow (CVE-ID: CVE-2021-0675)

The vulnerability allows a local attacker to escalate privileges on the system.

The vulnerability exists due to a boundary error in alac decoder. A local attacker can trigger memory corruption and gain elevated privileges on the target system.

3) Improper Input Validation (CVE-ID: CVE-2021-0900)

The vulnerability allows a local privileged application to gain access to sensitive information.

The vulnerability exists due to an incorrect bounds check within apusys. A local privileged application can gain access to sensitive information.

4) Memory corruption (CVE-ID: CVE-2021-0895)

The vulnerability allows a local privileged application to execute arbitrary code.

The vulnerability exists due to a missing bounds check within apusys. A local privileged application can execute arbitrary code.

5) Memory corruption (CVE-ID: CVE-2021-0894)

The vulnerability allows a local privileged application to execute arbitrary code.

The vulnerability exists due to a missing bounds check within apusys. A local privileged application can execute arbitrary code.

6) Use After Free (CVE-ID: CVE-2021-0893)

The vulnerability allows a local privileged application to execute arbitrary code.

The vulnerability exists due to a use after free within apusys. A local privileged application can execute arbitrary code.

7) Improper Check or Handling of Exceptional Conditions (CVE-ID: CVE-2021-0679)

The vulnerability allows a local privileged application to execute arbitrary code.

The vulnerability exists due to a missing bounds check within apusys. A local privileged application can execute arbitrary code.

8) Memory corruption (CVE-ID: CVE-2021-0678)

The vulnerability allows a local privileged application to execute arbitrary code.

The vulnerability exists due to a missing bounds check within apusys. A local privileged application can execute arbitrary code.

9) Integer overflow (CVE-ID: CVE-2021-0677)

The vulnerability allows a local privileged application to gain access to sensitive information.

The vulnerability exists due to an integer overflow within ccu driver. A local privileged application can gain access to sensitive information.

10) Information Exposure (CVE-ID: CVE-2021-0676)

The vulnerability allows a local privileged application to gain access to sensitive information.

The vulnerability exists due to an incorrect bounds check within geniezone driver. A local privileged application can gain access to sensitive information.

11) Incorrect Permission Assignment for Critical Resource (CVE-ID: CVE-2021-0904)

The vulnerability allows a local privileged application to execute arbitrary code.

The vulnerability exists due to an insecure permission setting within SRAMROM. A local privileged application can execute arbitrary code.

12) Integer overflow (CVE-ID: CVE-2021-0901)

The vulnerability allows a local privileged application to execute arbitrary code.

The vulnerability exists due to a missing bounds check within apusys. A local privileged application can execute arbitrary code.

13) Memory corruption (CVE-ID: CVE-2021-0903)

The vulnerability allows a local privileged application to execute arbitrary code.

The vulnerability exists due to a missing bounds check within apusys. A local privileged application can execute arbitrary code.

14) Improper Input Validation (CVE-ID: CVE-2021-0902)

The vulnerability allows a local privileged application to gain access to sensitive information.

The vulnerability exists due to an incorrect bounds check within apusys. A local privileged application can gain access to sensitive information.

15) Use After Free (CVE-ID: CVE-2021-0899)

The vulnerability allows a local privileged application to execute arbitrary code.

The vulnerability exists due to a use after free within apusys. A local privileged application can execute arbitrary code.

16) Use After Free (CVE-ID: CVE-2021-0898)

The vulnerability allows a local privileged application to execute arbitrary code.

The vulnerability exists due to a use after free within apusys. A local privileged application can execute arbitrary code.

17) Time-of-check Time-of-use (TOCTOU) Race Condition (CVE-ID: CVE-2021-0897)

The vulnerability allows a local privileged application to execute arbitrary code.

The vulnerability exists due to a missing bounds check within apusys. A local privileged application can execute arbitrary code.

18) Memory corruption (CVE-ID: CVE-2021-0896)

The vulnerability allows a local privileged application to execute arbitrary code.

The vulnerability exists due to a missing bounds check within apusys. A local privileged application can execute arbitrary code.

Remediation

Install update from vendor's website.

References

• https://corp.mediatek.com/product-security-bulletin/December-2021
• https://cpr-zero.checkpoint.com/vulns/cprid-2187/
• https://cpr-zero.checkpoint.com/vulns/cprid-2188/