MediaTek PlayReady TA Out-of-Bounds Read Vulnerability in DRM Server

Vulnerability

A vulnerability allowing an out-of-bounds read has been identified in the PlayReady Trusted Application (TA) within the DRM server component. This issue arises from a missing bounds check, which could lead to local escalation of privilege. The vulnerability affects the MT9972 chipset and is present in MediaTek's software versions Android 12.0 and 14.0. Exploitation does not require user interaction, but it does necessitate that the attacker has already obtained System privileges.

Impact

Exploitation of this vulnerability could result in unauthorized access to privileged information or capabilities, allowing a malicious actor to escalate privileges locally on the affected device.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

2.8

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

2.8

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

MediaTek PlayReady TA Out-of-Bounds Read Vulnerability in DRM Server

Vulnerability

Impact

Affected Products

MediaTek MT9972

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating