The MediaTek Product Security Bulletin contains details of security vulnerabilities affecting MediaTek Smartphone, Tablet, AIoT, Smart display and TV chipsets. Device OEMs have been notified of all the issues and the corresponding security patches for at least two months before publication.
The severity of the identified vulnerabilities was conducted based on the Common Vulnerability Scoring System version 3.1 (CVSS v3.1).
The severity of the identified vulnerabilities was conducted based on the Common Vulnerability Scoring System version 3.1 (CVSS v3.1).
Summary
Details
| CVE | CVE-2021-0672 |
|---|---|
| Title | Exposure of sensitive information to an unauthorized actor in Browser app |
| Severity | High |
| Vulnerability Type | ID |
| CWE | CWE-200 Exposure of Sensitive Information to an Unauthorized Actor |
| Description | In Browser app, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT6731, MT6732, MT6735, MT6737, MT6739, MT6750, MT6750S, MT6752, MT6753, MT6755, MT6755S, MT6757, MT6757C, MT6757CD, MT6757CH, MT6758, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6795, MT6797, MT6799, MT6833, MT6853, MT6853T, MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8163, MT8167, MT8167S, MT8168, MT8173, MT8175, MT8183, MT8185, MT8195, MT8321, MT8362A, MT8365, MT8385, MT8735A, MT8735B, MT8765, MT8766, MT8768, MT8786, MT8788, MT8789, MT8791, MT8797 |
| Affected Software Versions | Android 8.1, 9.0, 10.0, 11.0 |
| CVE | CVE-2021-0619 |
|---|---|
| Title | Out-of-bounds read in ape extractor |
| Severity | Medium |
| Vulnerability Type | ID |
| CWE | CWE-125 Out-of-bounds Read |
| Description | In ape extractor, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT6739, MT6758, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6785, MT6795, MT6797, MT6799, MT6833, MT6853, MT6853T, MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8163, MT8167, MT8167S, MT8168, MT8173, MT8175, MT8183, MT8185, MT8195, MT8321, MT8362A, MT8365, MT8385, MT8765, MT8766, MT8768, MT8786, MT8788, MT8789, MT8791, MT8797 |
| Affected Software Versions | Android 10.0, 11.0 |
| CVE | CVE-2021-0620 |
|---|---|
| Title | Out-of-bounds read in asf extractor |
| Severity | Medium |
| Vulnerability Type | ID |
| CWE | CWE-125 Out-of-bounds Read |
| Description | In asf extractor, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT5522, MT5527, MT5597, MT5598, MT5599, MT6580, MT6735, MT6737, MT6739, MT6750S, MT6753, MT6755S, MT6757, MT6757C, MT6757CD, MT6757CH, MT6761, MT6762, MT6763, MT6765, MT6768, MT6771, MT6779, MT6785, MT6833, MT6853, MT6853T, MT6873, MT6877, MT6885, MT6889, MT6893, MT8163, MT8167, MT8167S, MT8168, MT8173, MT8175, MT8183, MT8185, MT8195, MT8321, MT8362A, MT8365, MT8385, MT8765, MT8766, MT8768, MT8786, MT8788, MT8789, MT8791, MT8797, MT9256, MT9285, MT9286, MT9288, MT9629, MT9631, MT9632, MT9636, MT9638, MT9639, MT9650, MT9652, MT9669, MT9670, MT9675, MT9685, MT9686, MT9688, MT9931, MT9950, MT9970, MT9980, MT9981 |
| Affected Software Versions | Android 10.0, 11.0 |
| CVE | CVE-2021-0621 |
|---|---|
| Title | Out-of-bounds read in asf extractor |
| Severity | Medium |
| Vulnerability Type | ID |
| CWE | CWE-125 Out-of-bounds Read |
| Description | In asf extractor, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT5522, MT5527, MT5597, MT5598, MT5599, MT6580, MT6735, MT6737, MT6739, MT6750S, MT6753, MT6755S, MT6757, MT6757C, MT6757CD, MT6757CH, MT6761, MT6762, MT6763, MT6765, MT6768, MT6771, MT6779, MT6785, MT6833, MT6853, MT6853T, MT6873, MT6877, MT6885, MT6889, MT6893, MT8163, MT8167, MT8167S, MT8168, MT8173, MT8175, MT8183, MT8184, MT8185, MT8195, MT8321, MT8362A, MT8365, MT8385, MT8765, MT8766, MT8768, MT8786, MT8788, MT8789, MT8791, MT8797, MT9256, MT9285, MT9286, MT9288, MT9629, MT9631, MT9632, MT9636, MT9638, MT9639, MT9650, MT9652, MT9669, MT9670, MT9675, MT9685, MT9686, MT9688, MT9931, MT9950, MT9970, MT9980, MT9981 |
| Affected Software Versions | Android 10.0, 11.0 |
| CVE | CVE-2021-0622 |
|---|---|
| Title | Out-of-bounds read in asf extractor |
| Severity | Medium |
| Vulnerability Type | ID |
| CWE | CWE-125 Out-of-bounds Read |
| Description | In asf extractor, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT5522, MT5527, MT5597, MT5598, MT5599, MT6580, MT6735, MT6737, MT6739, MT6750S, MT6753, MT6755S, MT6757, MT6757C, MT6757CD, MT6757CH, MT6761, MT6762, MT6763, MT6765, MT6768, MT6771, MT6779, MT6785, MT6833, MT6853, MT6853T, MT6873, MT6877, MT6885, MT6889, MT6893, MT8163, MT8167, MT8167S, MT8168, MT8173, MT8175, MT8183, MT8185, MT8195, MT8321, MT8362A, MT8365, MT8385, MT8765, MT8766, MT8768, MT8786, MT8788, MT8789, MT8791, MT8797, MT9256, MT9285, MT9286, MT9288, MT9629, MT9631, MT9632, MT9636, MT9638, MT9639, MT9650, MT9652, MT9669, MT9670, MT9675, MT9685, MT9686, MT9688, MT9931, MT9950, MT9970, MT9980, MT9981 |
| Affected Software Versions | Android 10.0, 11.0 |
| CVE | CVE-2021-0623 |
|---|---|
| Title | Out-of-bounds read in asf extractor |
| Severity | Medium |
| Vulnerability Type | ID |
| CWE | CWE-125 Out-of-bounds Read |
| Description | In asf extractor, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT5522, MT5527, MT5597, MT5598, MT5599, MT6580, MT6735, MT6737, MT6739, MT6750S, MT6753, MT6755S, MT6757, MT6757C, MT6757CD, MT6757CH, MT6761, MT6762, MT6763, MT6765, MT6768, MT6771, MT6779, MT6785, MT6833, MT6853, MT6853T, MT6873, MT6877, MT6885, MT6889, MT6893, MT8163, MT8167, MT8167S, MT8168, MT8173, MT8175, MT8183, MT8185, MT8186, MT8195, MT8321, MT8362A, MT8365, MT8385, MT8765, MT8766, MT8768, MT8786, MT8788, MT8789, MT8791, MT8797, MT9256, MT9285, MT9286, MT9288, MT9629, MT9631, MT9632, MT9636, MT9638, MT9639, MT9650, MT9652, MT9669, MT9670, MT9675, MT9685, MT9686, MT9688, MT9931, MT9950, MT9970, MT9980, MT9981 |
| Affected Software Versions | Android 10.0, 11.0 |
| CVE | CVE-2021-0624 |
|---|---|
| Title | Out-of-bounds read in flv extractor |
| Severity | Medium |
| Vulnerability Type | ID |
| CWE | CWE-125 Out-of-bounds Read |
| Description | In flv extractor, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT6580, MT6735, MT6737, MT6739, MT6750S, MT6753, MT6755S, MT6757, MT6757C, MT6757CD, MT6757CH, MT6761, MT6762, MT6763, MT6765, MT6768, MT6771, MT6779, MT6785, MT6833, MT6853, MT6853T, MT6873, MT6877, MT6885, MT6889, MT6893, MT8163, MT8167, MT8167S, MT8168, MT8173, MT8175, MT8183, MT8185, MT8195, MT8321, MT8362A, MT8365, MT8385, MT8735A, MT8735B, MT8765, MT8766, MT8768, MT8786, MT8788, MT8789, MT8791, MT8797 |
| Affected Software Versions | Android 10.0, 11.0 |
| CVE | CVE-2021-0629 |
|---|---|
| Title | Improper restriction of operations within the bounds of a memory buffer in mdlactl driver |
| Severity | Medium |
| Vulnerability Type | EoP |
| CWE | CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer |
| Description | In mdlactl driver, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT6873, MT6875, MT6883, MT6885, MT6889, MT6891, MT6893, MT8195, MT8791, MT8797, MT9636, MT9638, MT9639, MT9650, MT9652, MT9669, MT9686, MT9970, MT9980, MT9981 |
| Affected Software Versions | Android 10.0, 11.0 |
| CVE | CVE-2021-0655 |
|---|---|
| Title | Improper restriction of operations within the bounds of a memory buffer in mdlactl driver |
| Severity | Medium |
| Vulnerability Type | EoP |
| CWE | CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer |
| Description | In mdlactl driver, there is a possible memory corruption due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT6873, MT6875, MT6883, MT6885, MT6889, MT6891, MT6893 |
| Affected Software Versions | Android 10.0, 11.0 |
| CVE | CVE-2021-0656 |
|---|---|
| Title | Use after free in edma driver |
| Severity | Medium |
| Vulnerability Type | EoP |
| CWE | CWE-416 Use After Free |
| Description | In edma driver, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT6853, MT6853T, MT6873, MT6877, MT6883, MT6885, MT6889, MT6893, MT8195, MT8791, MT8797 |
| Affected Software Versions | Android 10.0, 11.0 |
| CVE | CVE-2021-0657 |
|---|---|
| Title | Stack-based buffer overflow in apusys |
| Severity | Medium |
| Vulnerability Type | EoP |
| CWE | CWE-121 Stack-based Buffer Overflow |
| Description | In apusys, there is a possible out of bounds write due to a stack-based buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8195, MT8791, MT8797 |
| Affected Software Versions | Android 10.0 |
| CVE | CVE-2021-0658 |
|---|---|
| Title | Improper restriction of operations within the bounds of a memory buffer in apusys |
| Severity | Medium |
| Vulnerability Type | EoP |
| CWE | CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer |
| Description | In apusys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8195, MT8791, MT8797 |
| Affected Software Versions | Android 10.0, 11.0 |
| CVE | CVE-2021-0659 |
|---|---|
| Title | Out-of-bounds read in apusys |
| Severity | Medium |
| Vulnerability Type | ID |
| CWE | CWE-125 Out-of-bounds Read |
| Description | In apusys, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT6853, MT6853T, MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8195, MT8791, MT8797 |
| Affected Software Versions | Android 10.0, 11.0 |
| CVE | CVE-2021-0664 |
|---|---|
| Title | Improper restriction of operations within the bounds of a memory buffer in ccu |
| Severity | Medium |
| Vulnerability Type | EoP |
| CWE | CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer |
| Description | In ccu, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT6765, MT6768, MT6771, MT6779, MT6785, MT6833, MT6853, MT6873, MT6877, MT6885, MT6889, MT8183, MT8385, MT8768, MT8788 |
| Affected Software Versions | Android 10.0, 11.0 |
| CVE | CVE-2021-0665 |
|---|---|
| Title | Out-of-bounds read in apusys |
| Severity | Medium |
| Vulnerability Type | ID |
| CWE | CWE-125 Out-of-bounds Read |
| Description | In apusys, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8195, MT8791, MT8797, MT9636, MT9638, MT9639, MT9650, MT9652, MT9669, MT9686, MT9970, MT9980, MT9981 |
| Affected Software Versions | Android 10.0 |
| CVE | CVE-2021-0666 |
|---|---|
| Title | Out-of-bounds read in apusys |
| Severity | Medium |
| Vulnerability Type | ID |
| CWE | CWE-125 Out-of-bounds Read |
| Description | In apusys, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8195, MT8791, MT8797, MT9636, MT9638, MT9639, MT9650, MT9652, MT9669, MT9686, MT9970, MT9980, MT9981 |
| Affected Software Versions | Android 11.0 |
| CVE | CVE-2021-0667 |
|---|---|
| Title | Use after free in apusys |
| Severity | Medium |
| Vulnerability Type | EoP |
| CWE | CWE-416 Use After Free |
| Description | In apusys, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT9636, MT9638, MT9639, MT9650, MT9652, MT9669, MT9686, MT9970, MT9980, MT9981 |
| Affected Software Versions | Android 10.0, 11.0 |
| CVE | CVE-2021-0668 |
|---|---|
| Title | Improper check or handling of exceptional conditions in apusys |
| Severity | Medium |
| Vulnerability Type | EoP |
| CWE | CWE-703 Improper Check or Handling of Exceptional Conditions |
| Description | In apusys, there is a possible memory corruption due to incorrect error handling. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT9636, MT9638, MT9639, MT9650, MT9652, MT9669, MT9686, MT9970, MT9980, MT9981 |
| Affected Software Versions | Android 10.0, 11.0 |
| CVE | CVE-2021-0669 |
|---|---|
| Title | Use after free in apusys |
| Severity | Medium |
| Vulnerability Type | EoP |
| CWE | CWE-416 Use After Free |
| Description | In apusys, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT6853, MT6853T, MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8195, MT8791, MT8797, MT9636, MT9638, MT9639, MT9650, MT9652, MT9669, MT9686, MT9970, MT9980, MT9981 |
| Affected Software Versions | Android 10.0, 11.0 |
| CVE | CVE-2021-0670 |
|---|---|
| Title | Improper restriction of operations within the bounds of a memory buffer in apusys |
| Severity | Medium |
| Vulnerability Type | EoP |
| CWE | CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer |
| Description | In apusys, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT6853, MT6853T, MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8195, MT8791, MT8797 |
| Affected Software Versions | Android 10.0, 11.0 |
| CVE | CVE-2021-0671 |
|---|---|
| Title | Improper restriction of operations within the bounds of a memory buffer in apusys |
| Severity | Medium |
| Vulnerability Type | EoP |
| CWE | CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer |
| Description | In apusys, there is a possible memory corruption due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT6853, MT6853T, MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8195, MT8791, MT8797 |
| Affected Software Versions | Android 10.0 |
Vulnerability Type Definition
| Abbreviation | Definition |
|---|---|
| RCE | Remote Code Execution |
| EoP | Elevation of Privilege |
| ID | Information Disclosure |
| DoS | Denial of Service |
| N/A | Classification not available |
Versions
| Version | Date | Description |
| 1.0 | November 11, 2021 | Bulletin published. |
Notes
Information above is generated only at the time of creation of this Security Bulletin. The list of affected chipsets could be not complete. For any further information, device OEMs can reach your MediaTek contact person if needed.
If you want to report a security vulnerability in MediaTek chipsets or products, please go to Report Security Vulnerability page on MediaTek website.
If you want to report a security vulnerability in MediaTek chipsets or products, please go to Report Security Vulnerability page on MediaTek website.