CVE-2020-0069

high-risk

Published 2020-03-10

In the ioctl handlers of the Mediatek Command Queue driver, there is a possible out of bounds write due to insufficient input sanitization and missing SELinux restrictions. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-147882143References: M-ALPS04356754

Do I need to act?

0.71% chance of exploitation

EPSS score — low exploit probability

CISA KEV: actively exploited in the wild

On the Known Exploited Vulnerabilities catalog — federal agencies must patch

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.8/10 High

LOCAL / LOW complexity

Affected Products (20)

Android

Berkeley-L09 Firmware

Columbia-Al10B Firmware

Columbia-L29D Firmware

Columbia-Tl00B Firmware

Columbia-Tl00D Firmware

Cornell-Al00A Firmware

Cornell-Tl10B Firmware

Dura-Al00A Firmware

Honor 20 Pro Firmware

Y6 2019 Firmware

Nova 3 Firmware

Nova 4 Firmware

Honor 8A Firmware

Honor View 20 Firmware

Jakarta-Al00A Firmware

Katyusha-Al00A Firmware

Katyusha-Al10A Firmware

Madrid-Al00A Firmware

Paris-L29B Firmware

Affected Vendors

Google Huawei

References (5)

Vendor Advisory http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200527-01-mtk-en

Vendor Advisory https://source.android.com/security/bulletin/2020-03-01

Vendor Advisory http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200527-01-mtk-en

Vendor Advisory https://source.android.com/security/bulletin/2020-03-01

Third Party Advisory https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-...

/ 100

high-risk

Severity 24/34 · High

Exploitability 9/34 · Low

Exposure 22/34 · High