CVE-2020-0069: In the ioctl handlers of the Mediatek Command Queue driver, there is a possible out of bounds write due to insufficient input sanitization and missing SELinux…

high7.8CVSS 3.1

AVLACLPRLUINSUCHIHAH

KEVITW

CISA Known Exploited Vulnerabilitydue 2022-05-03

Exploited in the wild

In the ioctl handlers of the Mediatek Command Queue driver, there is a possible out of bounds write due to insufficient input sanitization and missing SELinux restrictions. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-147882143References: M-ALPS04356754

Affected

42 ranges· showing 25

Vendor	Product	Version range	Fixed in
google	android	—	—
huawei	berkeley-l09_firmware	< 10.0.0.177\(c10e3r1p4\)	10.0.0.177\(c10e3r1p4\)
huawei	columbia-al10b_firmware	< 10.0.0.178\(c00e178r1p4\)	10.0.0.178\(c00e178r1p4\)
huawei	columbia-l29d_firmware	< 10.0.0.177\(c10e4r1p4\)	10.0.0.177\(c10e4r1p4\)
huawei	columbia-l29d_firmware	< 10.0.0.177\(c432e3r1p4\)	10.0.0.177\(c432e3r1p4\)
huawei	columbia-tl00b_firmware	< 10.0.0.178\(c01e178r1p4\)	10.0.0.178\(c01e178r1p4\)
huawei	columbia-tl00d_firmware	< 10.0.0.178\(c01e178r1p4\)	10.0.0.178\(c01e178r1p4\)
huawei	cornell-al00a_firmware	< 9.1.0.340\(c00e333r1p1t8\)	9.1.0.340\(c00e333r1p1t8\)
huawei	cornell-tl10b_firmware	< 9.1.0.340\(c01e333r1p1t8\)	9.1.0.340\(c01e333r1p1t8\)
huawei	dura-al00a_firmware	< 1.0.0.190\(c00\)	1.0.0.190\(c00\)
huawei	honor_20_pro_firmware	< 10.0.0.194\(c636e3r3p1\)	10.0.0.194\(c636e3r3p1\)
huawei	honor_20_pro_firmware	< 10.0.0.202\(c10e3r3p2\)	10.0.0.202\(c10e3r3p2\)
huawei	honor_8a_firmware	< 9.1.0.291\(c185e3r4p1\)	9.1.0.291\(c185e3r4p1\)
huawei	honor_8a_firmware	< 9.1.0.291\(c432e5r2p1\)	9.1.0.291\(c432e5r2p1\)
huawei	honor_8a_firmware	< 9.1.0.291\(c636e4r4p1\)	9.1.0.291\(c636e4r4p1\)
huawei	honor_8a_firmware	< 9.1.0.297\(c605e4r4p2\)	9.1.0.297\(c605e4r4p2\)
huawei	honor_view_20_firmware	< 10.0.0.198\(c432e10r3p4\)	10.0.0.198\(c432e10r3p4\)
huawei	honor_view_20_firmware	< 10.0.0.200\(c185e3r3p3\)	10.0.0.200\(c185e3r3p3\)
huawei	honor_view_20_firmware	< 10.0.0.201\(c10e5r4p3\)	10.0.0.201\(c10e5r4p3\)
huawei	jakarta-al00a_firmware	< 9.1.0.251\(c00e106r2p2\)	9.1.0.251\(c00e106r2p2\)
huawei	katyusha-al00a_firmware	< 9.1.0.146\(c00e131r2p2\)	9.1.0.146\(c00e131r2p2\)
huawei	katyusha-al10a_firmware	< 9.1.0.160\(c00e150r1p7\)	9.1.0.160\(c00e150r1p7\)
huawei	madrid-al00a_firmware	< 9.1.0.261\(c00e120r4p1\)	9.1.0.261\(c00e120r4p1\)
huawei	nova_3_firmware	< 9.1.0.338\(c00e333r1p1t8\)	9.1.0.338\(c00e333r1p1t8\)
huawei	nova_4_firmware	< 10.0.0.160\(c01e32r2p4\)	10.0.0.160\(c01e32r2p4\)

CVSS provenance

nvdv3.17.8HIGHCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

ghsa5.3MEDIUM

vulncheck7.8HIGH

cisa7.8HIGH