MediaTek Frame Buffer Debugging Interface Memory Overwrite

  • Published: 11 May 2017

Type

  • Input Validation

Severity

  • High

Affected products

  • MediaTek 6735

CVE Reference

  • N/A

Timeline

  • 2016-10-22: Issue reported to MediaTek.
  • 2016-11-16: MediaTek responded with confirmation of the issue.
  • 2016-11-25: MWR queried MediaTek for the issue status and patch release plan.
  • 2017-03-30: MWR queried MediaTek for the issue status and patch release plan.
  • 2017-03-30: MediaTek confirmed that the issue was fixed and a patch was available to its customers.

Download the advisory here

Description

MediaTek is a company that provides system-on-chip solutions for wireless communications, HDTV, DVD and Blu-ray. A number of MediaTek clients, including Huawei and Neffos, were found to be affected by a vulnerability in the MediaTek Frame Buffer Debugging Interface code.

The ‘/d/mtkfb’ file provides a framebuffer debugging interface which allows the root user to query and configure various frame buffer options. It was found that the ‘regw’ command can be abused for overwriting arbitrary kernel memory.

Impact

Local attackers who gain root access can exploit this issue to gain additional capabilities and disable security mechanisms such as SELinux.

Cause

This vulnerability is due to insufficient input validation of user-supplied data.
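
One way to apply the missing input validation to a register-write debug command, shown as a user-space model. This is an added example, not MediaTek's code or patch: the `regw:<addr>=<value>` syntax, the register window and all function names are assumptions.

```c
#include <ctype.h>
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed values: a hypothetical register window, not MediaTek's real map. */
#define REG_BASE 0x14000000ULL
#define REG_SIZE 0x1000ULL
static uint32_t fake_regs[REG_SIZE / 4]; /* stands in for the mapped window */

/* Parse one number that must start with a digit and end exactly at `stop`. */
static int parse_num(const char **p, char stop, unsigned long long *out)
{
    char *end;
    if (!isdigit((unsigned char)**p))   /* rejects sign, whitespace, empty */
        return -EINVAL;
    errno = 0;
    *out = strtoull(*p, &end, 0);
    if (errno || *end != stop)          /* overflow or trailing junk */
        return -EINVAL;
    *p = end + 1;
    return 0;
}

/* Hypothetical "regw:<addr>=<value>" handler; returns 0 or a negative errno. */
int debug_regw(const char *cmd)
{
    unsigned long long addr, val;
    const char *p;
    if (strncmp(cmd, "regw:", 5) != 0)
        return -EINVAL;
    p = cmd + 5;
    if (parse_num(&p, '=', &addr) || parse_num(&p, '\0', &val))
        return -EINVAL;
    if (val > UINT32_MAX || (addr & 3)) /* 32-bit, word-aligned writes only */
        return -EINVAL;
    /* Compare the offset, not addr + 4, so the check cannot wrap around. */
    if (addr < REG_BASE || addr - REG_BASE > REG_SIZE - 4)
        return -EPERM;
    fake_regs[(addr - REG_BASE) / 4] = (uint32_t)val;
    return 0;
}

int main(void)
{
    printf("%d\n", debug_regw("regw:0xffffffc000080000=0x0")); /* outside window */
    return 0;
}
```

In a kernel handler the same checks would sit in front of the actual register write, with the window taken from the driver's own mapping rather than from constants.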

Solution

MediaTek clients can receive the security fix directly from the vendor.

Technical details

Please refer to the attached advisory.