Memory Management Vulnerability in MediaTek Products
CVE-2021-0420

5.5MEDIUM

Key Information:

Vendor: Google
Status: Mt6580, Mt6582e, Mt6582h, Mt6582t, Mt6582w, Mt6582 90, Mt6589, Mt6589td, Mt6592e, Mt6592h, Mt6592t, Mt6592w, Mt6592 90, Mt6595, Mt6731, Mt6732, Mt6735, Mt6737, Mt6739, Mt6750, Mt6750s, Mt6752, Mt6753, Mt6755, Mt6755s, Mt6757, Mt6757c, Mt6757cd, Mt6757ch, Mt6758, Mt6761, Mt6762, Mt6763, Mt6765, Mt6768, Mt6769, Mt6771, Mt6779, Mt6785, Mt6795, Mt6797, Mt6799, Mt6833, Mt6853, Mt6853t, Mt6873, Mt6875, Mt6877, Mt6883, Mt6885, Mt6889, Mt6891, Mt6893
Vendor: CVE Published:; 18 August 2021

What is CVE-2021-0420?

A vulnerability in the memory management driver can cause a system crash due to a missing bounds check, leading to a local denial of service. This issue can be exploited without requiring elevated privileges or user interaction, making it a significant concern. Affected systems should be updated to the patched version to mitigate the risk.

Affected Version(s)

MT6580, MT6582E, MT6582H, MT6582T, MT6582W, MT6582_90, MT6589, MT6589TD, MT6592E, MT6592H, MT6592T, MT6592W, MT6592_90, MT6595, MT6731, MT6732, MT6735, MT6737, MT6739, MT6750, MT6750S, MT6752, MT6753, MT6755, MT6755S, MT6757, MT6757C, MT6757CD, MT6757CH, MT6758, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6785, MT6795, MT6797, MT6799, MT6833, MT6853, MT6853T, MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893 Android 10.0, 11.0

References

https://corp.mediatek.com/product-security-bulletin/Augus...

x_refsource_MISC

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 18, 2021
Vulnerability Reserved
Nov 6, 2020

CVE-2021-0420 Data

JSON

Google

What is CVE-2021-0420?

Affected Version(s)

References

CVSS V3.1

Timeline