Information Disclosure in MediaTek Memory Management Drivers
CVE-2021-0415

5.5MEDIUM

Key Information:

Vendor

Google
Status
Mt6580, Mt6582e, Mt6582h, Mt6582t, Mt6582w, Mt6582 90, Mt6589, Mt6589td, Mt6592e, Mt6592h, Mt6592t, Mt6592w, Mt6592 90, Mt6595, Mt6731, Mt6732, Mt6735, Mt6737, Mt6739, Mt6750, Mt6750s, Mt6752, Mt6753, Mt6755, Mt6755s, Mt6757, Mt6757c, Mt6757cd, Mt6757ch, Mt6758, Mt6761, Mt6762, Mt6763, Mt6765, Mt6768, Mt6769, Mt6771, Mt6779, Mt6785, Mt6795, Mt6797, Mt6799, Mt6833, Mt6853, Mt6853t, Mt6873, Mt6875, Mt6877, Mt6883, Mt6885, Mt6889, Mt6891, Mt6893
Vendor
CVE Published:
18 August 2021

What is CVE-2021-0415?

A vulnerability exists in the MediaTek memory management driver due to insufficient permission checks. This flaw allows attackers to potentially disclose sensitive information locally without requiring additional privileges or user interaction. It emphasizes the importance of implementing security patches to mitigate risks associated with information exposure.

Affected Version(s)

MT6580, MT6582E, MT6582H, MT6582T, MT6582W, MT6582_90, MT6589, MT6589TD, MT6592E, MT6592H, MT6592T, MT6592W, MT6592_90, MT6595, MT6731, MT6732, MT6735, MT6737, MT6739, MT6750, MT6750S, MT6752, MT6753, MT6755, MT6755S, MT6757, MT6757C, MT6757CD, MT6757CH, MT6758, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6785, MT6795, MT6797, MT6799, MT6833, MT6853, MT6853T, MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893 Android 10.0, 11.0

References

https://corp.mediatek.com/product-security-bulletin/Augus...
x_refsource_MISC

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.