CVE-2020-0069

HIGH KEV

Mediatek Command Queue driver - Privilege Escalation

Title source: llm

Description

In the ioctl handlers of the Mediatek Command Queue driver, there is a possible out of bounds write due to insufficient input sanitization and missing SELinux restrictions. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Product: Android
Versions: Android kernel
Android ID: A-147882143
References: M-ALPS04356754

Exploits (6)

nomisec WORKING POC 179 stars
by R0rt1z2 · local
https://github.com/R0rt1z2/AutomatedRoot
nomisec WORKING POC 108 stars
by quarkslab · local
https://github.com/quarkslab/CVE-2020-0069_poc
nomisec WORKING POC 16 stars
by TheRealJunior · poc
https://github.com/TheRealJunior/mtk-su-reverse-cve-2020-0069
nomisec WORKING POC 12 stars
by 0xf15h · local
https://github.com/0xf15h/mtk_su

Scores

CVSS v3 7.8
EPSS 0.0071
EPSS Percentile 72.3%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CISA KEV 2021-11-03
VulnCheck KEV 2021-10-28
InTheWild.io 2021-07-23
ENISA EUVD EUVD-2020-1576
CWE CWE-787
Status published
Products (29)
google/android
huawei/berkeley-l09_firmware < 10.0.0.177\(c10e3r1p4\)
huawei/columbia-al10b_firmware < 10.0.0.178\(c00e178r1p4\)
huawei/columbia-l29d_firmware < 10.0.0.177\(c10e4r1p4\)
huawei/columbia-tl00b_firmware < 10.0.0.178\(c01e178r1p4\)
huawei/columbia-tl00d_firmware < 10.0.0.178\(c01e178r1p4\)
huawei/cornell-al00a_firmware < 9.1.0.340\(c00e333r1p1t8\)
huawei/cornell-tl10b_firmware < 9.1.0.340\(c01e333r1p1t8\)
huawei/dura-al00a_firmware < 1.0.0.190\(c00\)
huawei/honor_20_pro_firmware < 10.0.0.194\(c636e3r3p1\)
... and 19 more
Published Mar 10, 2020
KEV Added Nov 03, 2021
Tracked Since Feb 18, 2026