TROYANOSYVIRUS
Back to CVEs

CVE-2020-0069

HIGHCISA KEV
7.8

Description

In the ioctl handlers of the Mediatek Command Queue driver, there is a possible out of bounds write due to insufficient input sanitization and missing SELinux restrictions. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-147882143References: M-ALPS04356754

CVE Details

CVSS v3.1 Score7.8
SeverityHIGH
CVSS VectorCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack VectorLOCAL
ComplexityLOW
Privileges RequiredLOW
User InteractionNONE
Published3/10/2020
Last Modified10/23/2025
Sourcekev
Honeypot Sightings0

CISA KEV

VendorMediaTek
ProductMultiple Chipsets
Vulnerability NameMediatek Multiple Chipsets Insufficient Input Validation Vulnerability
KEV Date Added2021-11-03
Remediation Due Date2022-05-03
Ransomware UseUnknown

Affected Products

google:androidhuawei:berkeley-l09huawei:berkeley-l09_firmwarehuawei:columbia-al10bhuawei:columbia-al10b_firmwarehuawei:columbia-l29dhuawei:columbia-l29d_firmwarehuawei:columbia-tl00bhuawei:columbia-tl00b_firmwarehuawei:columbia-tl00dhuawei:columbia-tl00d_firmwarehuawei:cornell-al00ahuawei:cornell-al00a_firmwarehuawei:cornell-tl10bhuawei:cornell-tl10b_firmwarehuawei:dura-al00ahuawei:dura-al00a_firmwarehuawei:honor_20_prohuawei:honor_20_pro_firmwarehuawei:honor_8ahuawei:honor_8a_firmwarehuawei:honor_view_20huawei:honor_view_20_firmwarehuawei:jakarta-al00ahuawei:jakarta-al00a_firmwarehuawei:katyusha-al00ahuawei:katyusha-al00a_firmwarehuawei:katyusha-al10ahuawei:katyusha-al10a_firmwarehuawei:madrid-al00ahuawei:madrid-al00a_firmwarehuawei:nova_3huawei:nova_3_firmwarehuawei:nova_4huawei:nova_4_firmwarehuawei:paris-l29bhuawei:paris-l29b_firmwarehuawei:princeton-al10bhuawei:princeton-al10b_firmwarehuawei:sydney-al00huawei:sydney-al00_firmwarehuawei:sydney-tl00huawei:sydney-tl00_firmwarehuawei:sydneym-al00huawei:sydneym-al00_firmwarehuawei:tony-al00bhuawei:tony-al00b_firmwarehuawei:tony-tl00bhuawei:tony-tl00b_firmwarehuawei:y6_2019huawei:y6_2019_firmwarehuawei:yale-al00ahuawei:yale-al00a_firmwarehuawei:yale-l21ahuawei:yale-l21a_firmwarehuawei:yalep-al10bhuawei:yalep-al10b_firmware

Weaknesses (CWE)

CWE-787CWE-787

References

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200527-01-mtk-en(security@android.com)
https://source.android.com/security/bulletin/2020-03-01(security@android.com)
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200527-01-mtk-en(af854a3a-2127-422b-91ae-364da2661108)
https://source.android.com/security/bulletin/2020-03-01(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-0069(134c704f-9b21-4f2e-91b3-4a467353bcc0)

IOC Correlations

No correlations recorded

This product uses data from the NVD API but is not endorsed or certified by the NVD.