Lucene search

[email protected]CVE-2021-0612

HistorySep 27, 2021 - 12:15 p.m.

CVE-2021-0612

2021-09-2712:15:07

CWE-416

[email protected]

web.nvd.nist.gov

security

vulnerability

memory corruption

m4u

local privilege escalation

system execution privileges

cve-2021-0612

nvd

alps05403499

alps05425834

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.0004 Low

EPSS

Percentile

5.1%

JSON

In m4u, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05403499; Issue ID: ALPS05425834.

Affected configurations

NVD

Node

googleandroidMatch10.0

googleandroidMatch11.0

AND

mediatekmt6580Match-

mediatekmt6582_90Match-

mediatekmt6582eMatch-

mediatekmt6582hMatch-

mediatekmt6582tMatch-

mediatekmt6582wMatch-

mediatekmt6589Match-

mediatekmt6589tdMatch-

mediatekmt6592_90Match-

mediatekmt6592eMatch-

mediatekmt6592hMatch-

mediatekmt6592tMatch-

mediatekmt6592wMatch-

mediatekmt6595Match-

mediatekmt6731Match-

mediatekmt6732Match-

mediatekmt6735Match-

mediatekmt6737Match-

mediatekmt6739Match-

mediatekmt6750Match-

mediatekmt6750sMatch-

mediatekmt6752Match-

mediatekmt6753Match-

mediatekmt6755Match-

mediatekmt6755sMatch-

mediatekmt6757Match-

mediatekmt6757cMatch-

mediatekmt6757cdMatch-

mediatekmt6757chMatch-

mediatekmt6758Match-

mediatekmt6761Match-

mediatekmt6762Match-

mediatekmt6763Match-

mediatekmt6765Match-

mediatekmt6768Match-

mediatekmt6769Match-

mediatekmt6771Match-

mediatekmt6779Match-

mediatekmt6785Match-

mediatekmt6795Match-

mediatekmt6797Match-

mediatekmt6799Match-

mediatekmt6833Match-

mediatekmt6853Match-

mediatekmt6853tMatch-

mediatekmt6873Match-

mediatekmt6875Match-

mediatekmt6877Match-

mediatekmt6883Match-

mediatekmt6885Match-

mediatekmt6889Match-

mediatekmt6891Match-

mediatekmt6893Match-

CPENameOperatorVersion
google:androidgoogle androideq10.0
google:androidgoogle androideq11.0

CPE	Name	Operator	Version
google:android	google android	eq	10.0
google:android	google android	eq	11.0

CNA Affected

[
  {
    "product": "MT6580, MT6582E, MT6582H, MT6582T, MT6582W, MT6582_90, MT6589, MT6589TD, MT6592E, MT6592H, MT6592T, MT6592W, MT6592_90, MT6595, MT6731, MT6732, MT6735, MT6737, MT6739, MT6750, MT6750S, MT6752, MT6753, MT6755, MT6755S, MT6757, MT6757C, MT6757CD, MT6757CH, MT6758, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6785, MT6795, MT6797, MT6799, MT6833, MT6853, MT6853T, MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Android 10.0, 11.0"
      }
    ]
  }
]

References

corp.mediatek.com/product-security-bulletin/September-2021

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2021-0612

cvelist1 nvd1 prion1