Login Sign Up

CVE-2021-0612

7.8 HIGH

📋 TL;DR

CVE-2021-0612 is a use-after-free vulnerability in MediaTek's m4u (Memory Management Unit) driver that could allow local attackers to escalate privileges. Exploitation requires System execution privileges but no user interaction, potentially leading to kernel memory corruption. This affects devices using vulnerable MediaTek chipsets.

💻 Affected Systems

Products:
  • MediaTek chipsets with m4u driver
Versions: Specific MediaTek chipset firmware versions prior to patch ALPS05403499
Operating Systems: Android (on MediaTek devices)
Default Config Vulnerable: ⚠️ Yes
Notes: Affects Android devices using vulnerable MediaTek chipsets. Exact device models depend on chipset implementation.

📦 What is this software?

Android by Google

View all CVEs affecting Android →

Android by Google

View all CVEs affecting Android →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise with kernel-level code execution, allowing attackers to bypass all security controls, install persistent malware, or access sensitive data.

🟠

Likely Case

Local privilege escalation from a compromised app or user to root/system privileges, enabling further attacks on the device.

🟢

If Mitigated

Limited impact if proper kernel hardening, SELinux/AppArmor policies, and privilege separation are implemented to contain the exploit.

🌐 Internet-Facing: LOW - This is a local privilege escalation vulnerability requiring initial access to the system.
🏢 Internal Only: MEDIUM - Could be exploited by malicious insiders or compromised applications already running on the device.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires System execution privileges initially. No public exploit code identified, but use-after-free vulnerabilities in kernel drivers are often exploitable.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Patch ID: ALPS05403499

Vendor Advisory: https://corp.mediatek.com/product-security-bulletin/September-2021

Restart Required: Yes

Instructions:

1. Contact device manufacturer for firmware updates. 2. Apply MediaTek patch ALPS05403499. 3. Update Android security patches. 4. Reboot device after patching.

🔧 Temporary Workarounds

Restrict system privileges

android

Limit applications with System execution privileges using SELinux/AppArmor policies

# Review and tighten SELinux policies
# Restrict system service permissions

🧯 If You Can't Patch

  • Implement strict application sandboxing and privilege separation
  • Monitor for unusual privilege escalation attempts and kernel crashes

🔍 How to Verify

Check if Vulnerable:

Check device chipset and firmware version against MediaTek's advisory. Review kernel logs for m4u driver crashes.

Check Version:

# Check Android security patch level: Settings > About phone > Android security patch level

Verify Fix Applied:

Verify patch ALPS05403499 is applied in firmware version. Check that September 2021 or later security patches are installed.

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic or crashes related to m4u driver
  • Unexpected privilege escalation attempts

Network Indicators:

  • None - local exploitation only

SIEM Query:

source="kernel" AND ("m4u" OR "use-after-free" OR "kernel panic")

📊 Metadata

CVE ID: CVE-2021-0612
CVSS v3 Score: 7.8 (HIGH)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-416
Published: September 27, 2021
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2021-0612, you might also want to check these:

CVE-2025-24085 10.0

This CVE describes a use-after-free vulnerability (CWE-416) in Apple operating systems that allows m...

Same vulnerability type (CWE-416)
CVE-2024-43102 10.0

This CVE describes a use-after-free vulnerability in FreeBSD's umtx (user mutex) subsystem where con...

Same vulnerability type (CWE-416)
CVE-2021-33796 10.0

CVE-2021-33796 is a use-after-free vulnerability in MuJS's regexp source property access that can le...

Same vulnerability type (CWE-416)