CVE-2021-0904
Summary
| CVE | CVE-2021-0904 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2021-12-15 19:15:00 UTC |
| Updated | 2022-04-01 19:12:00 UTC |
| Description | In SRAMROM, there is a possible permission bypass due to an insecure permission setting. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06076938; Issue ID: ALPS06076938. |
Risk And Classification
Problem Types: CWE-732
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Android | - | All | All | All | |
| Operating System | Android | 10.0 | All | All | All | |
| Operating System | Android | 11.0 | All | All | All | |
| Operating System | Android | 8.1 | All | All | All | |
| Operating System | Android | 9.0 | All | All | All | |
| Hardware | Mediatek | Mt6771 | - | All | All | All |
| Hardware | Mediatek | Mt8183 | - | All | All | All |
| Hardware | Mediatek | Mt8385 | - | All | All | All |
| Hardware | Mediatek | Mt8788 | - | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Android Security Bulletin—December 2021 | Android Open Source Project | MISC | source.android.com | |
| December 2021 | MISC | corp.mediatek.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 610386 Google Android Devices December 2021 Security Patch Missing