Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2021-0673

In Audio Aurisys HAL, there is a possible permission bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05977326; Issue ID: ALPS05977326.

Published

2021-12-17T17:15:10.737

Last Modified

2024-11-21T05:43:07.417

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.8 (HIGH)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:P/I:P/A:P

  • Access Vector: LOCAL
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: PARTIAL
  • Availability Impact: PARTIAL
Exploitability Score

3.9

Impact Score

6.4

Weaknesses
  • Type: Primary
    CWE-862
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Operating System google android 10.0 Yes
Operating System google android 11.0 Yes
Operating System google android 12.0 Yes
Hardware mediatek mt6779 - No
Hardware mediatek mt6781 - No
Hardware mediatek mt6785 - No
Hardware mediatek mt6853 - No
Hardware mediatek mt6853t - No
Hardware mediatek mt6873 - No
Hardware mediatek mt6875 - No
Hardware mediatek mt6877 - No
Hardware mediatek mt6883 - No
Hardware mediatek mt6885 - No
Hardware mediatek mt6889 - No
Hardware mediatek mt6891 - No
Hardware mediatek mt6893 - No
Hardware mediatek mt8183 - No
Hardware mediatek mt8185 - No
Hardware mediatek mt8195 - No
Hardware mediatek mt8321 - No
Hardware mediatek mt8385 - No
Hardware mediatek mt8765 - No
Hardware mediatek mt8766 - No
Hardware mediatek mt8768 - No
Hardware mediatek mt8771 - No
Hardware mediatek mt8786 - No
Hardware mediatek mt8788 - No
Hardware mediatek mt8789 - No
Hardware mediatek mt8791 - No
Hardware mediatek mt8797 - No
References