MediaTek KeyInstall Out-of-Bounds Write Vulnerability Allowing Privilege Escalation

A vulnerability in the KeyInstall component of certain MediaTek chipsets allows for a local out-of-bounds write, potentially leading to unauthorized privilege escalation. This issue arises from a missing bounds check, which could be exploited by an attacker who has already gained System privileges. The vulnerability does not require user interaction to be exploited. It affects MediaTek chipsets including MT6765, MT6768, MT6833, MT6835, MT6853, MT6855, MT6879, MT6886, MT6893, MT6897, MT6983, MT6985, MT6989, and MT8796. The vulnerable software versions are Android 14.0 and 15.0.

Impact

Exploitation of this vulnerability could result in local escalation of privileges, allowing an attacker to gain elevated rights on the affected device.

Remediation

MediaTek has issued a patch for this vulnerability, which can be applied by device manufacturers. Instructions for applying the patch are available through MediaTek's official channels.