CVE-2020-0069


CVSS 7.8 HIGH · EPSS 1.3% · KEV · CWE-787
In short

A flaw in the Mediatek Command Queue driver allows an unprivileged local user to write data outside of allocated memory boundaries, potentially enabling privilege escalation on Android devices.

Technical detail

The vulnerability exists in ioctl handlers that fail to properly validate user-supplied input before writing to kernel memory, coupled with missing SELinux restrictions. An attacker with local code execution can craft a malicious ioctl request to trigger an out-of-bounds write, bypassing standard privilege restrictions.

Summary generated and translated by AI from the official description.
In the ioctl handlers of the Mediatek Command Queue driver, there is a possible out of bounds write due to insufficient input sanitization and missing SELinux restrictions. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Product: Android
Versions: Android kernel
Android ID: A-147882143
References: M-ALPS04356754
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected products
n/a · Android