CVE-2021-0904

In SRAMROM, there is a possible permission bypass due to an insecure permission setting. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06076938; Issue ID: ALPS06076938.

CVSS v3 6.7 MEDIUM
CVSS v2.0 7.2 HIGH

6.7^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.2^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 3.9 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
https://corp.mediatek.com/product-security-bulletin/December-2021	Third Party Advisory

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:o:google:android:8.1:::::::*
	cpe:2.3:o:google:android:9.0:::::::*
	cpe:2.3:o:google:android:10.0:::::::*
	cpe:2.3:o:google:android:11.0:::::::*

OR	cpe:2.3:h:mediatek:mt6771:-:::::::*
	cpe:2.3:h:mediatek:mt8183:-:::::::*
	cpe:2.3:h:mediatek:mt8385:-:::::::*
	cpe:2.3:h:mediatek:mt8788:-:::::::*

History

01 Apr 2022, 19:12

Type	Values Removed	Values Added
CWE	~~CWE-276~~	CWE-732
CPE	cpe:2.3:o:google:android:-:::::::*	cpe:2.3:h:mediatek:mt8788:-:::::::* cpe:2.3:h:mediatek:mt8385:-:::::::* cpe:2.3:h:mediatek:mt6771:-:::::::* cpe:2.3:o:google:android:8.1:::::::* cpe:2.3:o:google:android:10.0:::::::* cpe:2.3:o:google:android:9.0:::::::* cpe:2.3:o:google:android:11.0:::::::* cpe:2.3:h:mediatek:mt8183:-:::::::*
References	~~(MISC) https://corp.mediatek.com/product-security-bulletin/December-2021 -~~	(MISC) https://corp.mediatek.com/product-security-bulletin/December-2021 - Third Party Advisory

17 Dec 2021, 17:15

Type	Values Removed	Values Added
Summary	In SRAMROM, there is a possible permission bypass due to an insecure permission setting. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-201779035	In SRAMROM, there is a possible permission bypass due to an insecure permission setting. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06076938; Issue ID: ALPS06076938.
References	~~{'url': 'https://source.android.com/security/bulletin/2021-12-01', 'name': 'https://source.android.com/security/bulletin/2021-12-01', 'tags': ['Vendor Advisory'], 'refsource': 'MISC'}~~	(MISC) https://corp.mediatek.com/product-security-bulletin/December-2021 -

17 Dec 2021, 15:26

Type	Values Removed	Values Added
CWE		CWE-276
CPE		cpe:2.3:o:google:android:-:::::::*
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : 7.2 v3 : 6.7
References	~~(MISC) https://source.android.com/security/bulletin/2021-12-01 -~~	(MISC) https://source.android.com/security/bulletin/2021-12-01 - Vendor Advisory

15 Dec 2021, 19:20

Type	Values Removed	Values Added
New CVE

Information

Published : 2021-12-15 19:15

Updated : 2024-02-04 22:08

NVD link : CVE-2021-0904

Mitre link : CVE-2021-0904

CVE.ORG link : CVE-2021-0904

JSON object : View

Products Affected

mediatek

mt8183
mt8788
mt6771
mt8385

google

android

CWE

CWE-732

Incorrect Permission Assignment for Critical Resource

6.7 /10