CVE-2020-0069

Warning

EPSS 0.74%
Published 10.03.2020 20:15:21
Last modified 04.04.2025 13:01:47
Source security@android.com
Teams watchlist Login
Open Login

In the ioctl handlers of the Mediatek Command Queue driver, there is a possible out of bounds write due to insufficient input sanitization and missing SELinux restrictions. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-147882143References: M-ALPS04356754

Affected products Warnungen 1 Metrics 4 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Google ≫ Android Version-

Huawei ≫ Berkeley-l09 Firmware Version < 10.0.0.177\(c10e3r1p4\)

Huawei ≫ Berkeley-l09 Version-

Huawei ≫ Columbia-al10b Firmware Version < 10.0.0.178\(c00e178r1p4\)

Huawei ≫ Columbia-al10b Version-

Huawei ≫ Columbia-l29d Firmware Version < 10.0.0.177\(c10e4r1p4\)

Huawei ≫ Columbia-l29d Version-

Huawei ≫ Columbia-tl00b Firmware Version < 10.0.0.178\(c01e178r1p4\)

Huawei ≫ Columbia-tl00b Version-

Huawei ≫ Columbia-tl00d Firmware Version < 10.0.0.178\(c01e178r1p4\)

Huawei ≫ Columbia-tl00d Version-

Huawei ≫ Cornell-al00a Firmware Version < 9.1.0.340\(c00e333r1p1t8\)

Huawei ≫ Cornell-al00a Version-

Huawei ≫ Cornell-tl10b Firmware Version < 9.1.0.340\(c01e333r1p1t8\)

Huawei ≫ Cornell-tl10b Version-

Huawei ≫ Dura-al00a Firmware Version < 1.0.0.190\(c00\)

Huawei ≫ Dura-al00a Version-

Huawei ≫ Honor 20 Pro Firmware Version < 10.0.0.194\(c636e3r3p1\)

Huawei ≫ Honor 20 Pro Version-

Huawei ≫ Y6 2019 Firmware Version < 9.1.0.290\(c185e5r4p1\)

Huawei ≫ Y6 2019 Version-

Huawei ≫ Nova 3 Firmware Version < 9.1.0.338\(c00e333r1p1t8\)

Huawei ≫ Nova 3 Version-

Huawei ≫ Nova 4 Firmware Version < 10.0.0.160\(c01e32r2p4\)

Huawei ≫ Nova 4 Version-

Huawei ≫ Honor 8a Firmware Version < 9.1.0.291\(c185e3r4p1\)

Huawei ≫ Honor 8a Version-

Huawei ≫ Honor View 20 Firmware Version < 10.0.0.198\(c432e10r3p4\)

Huawei ≫ Honor View 20 Version-

Huawei ≫ Jakarta-al00a Firmware Version < 9.1.0.251\(c00e106r2p2\)

Huawei ≫ Jakarta-al00a Version-

Huawei ≫ Katyusha-al00a Firmware Version < 9.1.0.146\(c00e131r2p2\)

Huawei ≫ Katyusha-al00a Version-

Huawei ≫ Katyusha-al10a Firmware Version < 9.1.0.160\(c00e150r1p7\)

Huawei ≫ Katyusha-al10a Version-

Huawei ≫ Madrid-al00a Firmware Version < 9.1.0.261\(c00e120r4p1\)

Huawei ≫ Madrid-al00a Version-

Huawei ≫ Paris-l29b Firmware Version < 9.1.0.380\(c636e1r1p3t8\)

Huawei ≫ Paris-l29b Version-

Huawei ≫ Princeton-al10b Firmware Version < 10.0.0.194\(c00e61r4p11\)

Huawei ≫ Princeton-al10b Version-

Huawei ≫ Sydney-al00 Firmware Version < 9.1.0.237\(c00e80r1p7t8\)

Huawei ≫ Sydney-al00 Version-

Huawei ≫ Sydney-tl00 Firmware Version < 9.1.0.237\(c01e80r1p7t8\)

Huawei ≫ Sydney-tl00 Version-

Huawei ≫ Sydneym-al00 Firmware Version < 10.0.0.159\(c00e64r1p5\)

Huawei ≫ Sydneym-al00 Version-

Huawei ≫ Tony-al00b Firmware Version < 10.1.0.137\(c00e137r2p11\)

Huawei ≫ Tony-al00b Version-

Huawei ≫ Tony-tl00b Firmware Version < 10.0.0.196\(c01e65r2p11\)

Huawei ≫ Tony-tl00b Version-

Huawei ≫ Yale-al00a Firmware Version < 10.0.0.196\(c00e62r8p12\)

Huawei ≫ Yale-al00a Version-

Huawei ≫ Yale-l21a Firmware Version < 10.0.0.202\(c10e3r3p2\)

Huawei ≫ Yale-l21a Version-

Huawei ≫ Yalep-al10b Firmware Version < 10.0.0.194\(c00e62r8p12\)

Huawei ≫ Yalep-al10b Version-

Huawei ≫ Columbia-l29d Firmware Version < 10.0.0.177\(c432e3r1p4\)

Huawei ≫ Columbia-l29d Version-

Huawei ≫ Honor 20 Pro Firmware Version < 10.0.0.202\(c10e3r3p2\)

Huawei ≫ Honor 20 Pro Version-

Huawei ≫ Y6 2019 Firmware Version < 9.1.0.290\(c431e1r1p8\)

Huawei ≫ Y6 2019 Version-

Huawei ≫ Y6 2019 Firmware Version < 9.1.0.290\(c605e6r1p6\)

Huawei ≫ Y6 2019 Version-

Huawei ≫ Y6 2019 Firmware Version < 9.1.0.295\(c431e5r2p2\)

Huawei ≫ Y6 2019 Version-

Huawei ≫ Honor 8a Firmware Version < 9.1.0.291\(c432e5r2p1\)

Huawei ≫ Honor 8a Version-

Huawei ≫ Honor 8a Firmware Version < 9.1.0.291\(c636e4r4p1\)

Huawei ≫ Honor 8a Version-

Huawei ≫ Honor 8a Firmware Version < 9.1.0.297\(c605e4r4p2\)

Huawei ≫ Honor 8a Version-

Huawei ≫ Honor View 20 Firmware Version < 10.0.0.200\(c185e3r3p3\)

Huawei ≫ Honor View 20 Version-

Huawei ≫ Honor View 20 Firmware Version < 10.0.0.201\(c10e5r4p3\)

Huawei ≫ Honor View 20 Version-

03.11.2021: CISA Known Exploited Vulnerabilities (KEV) Catalog

Mediatek Multiple Chipsets Insufficient Input Validation Vulnerability

Vulnerability

Multiple MediaTek chipsets contain an insufficient input validation vulnerability and have missing SELinux restrictions in the Command Queue drivers ioctl handlers. This causes an out-of-bounds write leading to privilege escalation. This vulnerability was observed chained with CVE-2019-2215 and CVE-2020-0041 under exploit chain "AbstractEmu."

Description

Apply updates per vendor instructions.

Required actions

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.74%	0.72

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.2	3.9	10	AV:L/AC:L/Au:N/C:C/I:C/A:C
134c704f-9b21-4f2e-91b3-4a467353bcc0	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

https://source.android.com/security/bulletin/2020-03-01

Vendor Advisory

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200527-01-mtk-en

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2020-0069

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-0069

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-0069

EUVD