MediaTek GPU Extension Device Integer Overflow
Description
MediaTek is a company that provides system-on-chip solutions for wireless communications, HDTV, DVD and Blu-ray. A number of MediaTek clients including Huawei, and Neffos were found to be affected by a vulnerability in the MediaTek GPU Extension Device code.
The '/proc/ged' file implements an IOCTL interface vulnerable to an integer overflow. This vulnerability can be leveraged by local attackers to trigger a kernel heap memory corruption.
Impact
Local attackers can exploit this issue to gain root privileges or achieve kernel mode code execution.
Cause
This vulnerability is due to insufficient input validation of user supplied data.
Solution
MediaTek clients can receive the security fix directly from the vendor.
Technical details
Please refer to the attached advisory.