CVE-2021-0904

Published: Dec 15, 2021Modified: Nov 21, 2024

6.7

Vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Exploitability: 0.8 / Impact: 5.9

Source: NVD

Description

In SRAMROM, there is a possible permission bypass due to an insecure permission setting. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06076938; Issue ID: ALPS06076938.

Affected (4)

Products: Google: Android

1 product

Configuration A

4 vulnerable · 4 platform

Vulnerable Software	Affected Versions
Google Android	Version 10.0
Google Android	Version 11.0
Google Android	Version 8.1
Google Android	Version 9.0

Running on/with	Platform Versions
Mediatek Mt6771	All versions
Mediatek Mt8183	All versions
Mediatek Mt8385	All versions
Mediatek Mt8788	All versions

Related CWEs

Incorrect Permission Assignment for Critical Resource

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

References (2)

https://corp.mediatek.com/product-security-bulletin/December-2021

Source: security@android.com

Third Party Advisory

https://corp.mediatek.com/product-security-bulletin/December-2021

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.