11.0

CVSS 6.7 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

HIGH

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

google

CWE-755

NVD

Published: 2021-11-18

Updated: 2021-11-20

Summary

In apusys, there is a possible memory corruption due to incorrect error handling. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05670521; Issue ID: ALPS05670521.

Vulnerable Configurations

Part	Description	Count
OS	Google Google Android 10.0 Google Android 11.0	2
Hardware	Mediatek Mediatek Mt6873 - Mediatek Mt6875 - Mediatek Mt6877 - Mediatek Mt6883 - Mediatek Mt6885 - Mediatek Mt6889 - Mediatek Mt6891 - Mediatek Mt6893 - Mediatek Mt9636 - Mediatek Mt9638 - Mediatek Mt9639 - Mediatek Mt9650 - Mediatek Mt9652 - Mediatek Mt9669 - Mediatek Mt9686 - Mediatek Mt9970 - Mediatek Mt9980 - Mediatek Mt9981 -	18

Common Weakness Enumeration (CWE)

CWE-755 - Improper Handling of Exceptional Conditions

References

https://corp.mediatek.com/product-security-bulletin/November-2021