In SRAMROM, there is a possible permission bypass due to an insecure permission setting. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06076938; Issue ID: ALPS06076938.
References
Link | Resource |
---|---|
https://corp.mediatek.com/product-security-bulletin/December-2021 | Third Party Advisory |
Configurations
Configuration 1 (hide)
AND |
|
History
01 Apr 2022, 19:12
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-732 | |
CPE | cpe:2.3:h:mediatek:mt8788:-:*:*:*:*:*:*:* cpe:2.3:h:mediatek:mt8385:-:*:*:*:*:*:*:* cpe:2.3:h:mediatek:mt6771:-:*:*:*:*:*:*:* cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:* cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:* cpe:2.3:o:google:android:9.0:*:*:*:*:*:*:* cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:* cpe:2.3:h:mediatek:mt8183:-:*:*:*:*:*:*:* |
|
References | (MISC) https://corp.mediatek.com/product-security-bulletin/December-2021 - Third Party Advisory |
17 Dec 2021, 17:15
Type | Values Removed | Values Added |
---|---|---|
Summary | In SRAMROM, there is a possible permission bypass due to an insecure permission setting. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06076938; Issue ID: ALPS06076938. | |
References |
|
|
17 Dec 2021, 15:26
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-276 | |
CPE | cpe:2.3:o:google:android:-:*:*:*:*:*:*:* | |
CVSS |
v2 : v3 : |
v2 : 7.2
v3 : 6.7 |
References | (MISC) https://source.android.com/security/bulletin/2021-12-01 - Vendor Advisory |
15 Dec 2021, 19:20
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-12-15 19:15
Updated : 2024-02-04 22:08
NVD link : CVE-2021-0904
Mitre link : CVE-2021-0904
CVE.ORG link : CVE-2021-0904
JSON object : View
Products Affected
mediatek
- mt8183
- mt8788
- mt6771
- mt8385
- android
CWE
CWE-732
Incorrect Permission Assignment for Critical Resource