Vulnerability Description
In alac decoder, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06064258; Issue ID: ALPS06064258.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Android | 8.1 | |
| Mediatek | Mt6570 | - |
| Mediatek | Mt6580 | - |
| Mediatek | Mt6735 | - |
| Mediatek | Mt6737 | - |
| Mediatek | Mt6739 | - |
| Mediatek | Mt6750 | - |
| Mediatek | Mt6750S | - |
| Mediatek | Mt6753 | - |
| Mediatek | Mt6755 | - |
| Mediatek | Mt6755S | - |
| Mediatek | Mt6757 | - |
| Mediatek | Mt6757C | - |
| Mediatek | Mt6757Cd | - |
| Mediatek | Mt6757Ch | - |
| Mediatek | Mt6758 | - |
| Mediatek | Mt6761 | - |
| Mediatek | Mt6763 | - |
| Mediatek | Mt6765 | - |
| Mediatek | Mt6768 | - |
Related Weaknesses (CWE)
References
- https://corp.mediatek.com/product-security-bulletin/December-2021Third Party Advisory
- https://corp.mediatek.com/product-security-bulletin/December-2021Third Party Advisory
FAQ
What is CVE-2021-0675?
CVE-2021-0675 is a vulnerability with a CVSS score of 7.8 (HIGH). In alac decoder, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interac...
How severe is CVE-2021-0675?
CVE-2021-0675 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-0675?
Check the references section above for vendor advisories and patch information. Affected products include: Google Android, Mediatek Mt6570, Mediatek Mt6580, Mediatek Mt6735, Mediatek Mt6737.