⚠ Actively exploited

Added to CISA KEV on 2021-11-03. Federal agencies required to patch by 2022-05-03. Required action: Apply updates per vendor instructions..

CVE-2020-0069

CWE-787 — Out-of-bounds Write CWE-20 — Improper Input Validation CWE-416 — Use After Free CWE-77 — Command Injection9 documents7 sources

Severity

7.8HIGH

EPSS

0.7%

top 27.82%

CISA KEV

KEV

Added 2021-11-03

Due 2022-05-03

Exploit

Exploited in wild

Active exploitation observed

Affected products

Huawei Berkeley-l09 Firmware Huawei Columbia-al10b Firmware Huawei Columbia-l29d Firmware +25 more

Timeline

PublishedMar 10

KEV addedNov 3

KEV dueMay 3

Latest updateMay 24

CISA Required Action: Apply updates per vendor instructions.

Description

In the ioctl handlers of the Mediatek Command Queue driver, there is a possible out of bounds write due to insufficient input sanitization and missing SELinux restrictions. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-147882143References: M-ALPS04356754

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages29 packages

▶CVEListV5androidAndroid kernel

▶NVDhuawei/nova_3_firmware< 9.1.0.338\(c00e333r1p1t8\)

▶NVDhuawei/nova_4_firmware< 10.0.0.160\(c01e32r2p4\)

▶NVDhuawei/y6_2019_firmware< 9.1.0.290\(c185e5r4p1\)+3

▶NVDhuawei/honor_8a_firmware< 9.1.0.291\(c185e3r4p1\)+3

🔴Vulnerability Details

GHSA

GHSA-xx48-fp29-wh9j: In the ioctl handlers of the Mediatek Command Queue driver, there is a possible out of bounds write due to insufficient input sanitization and missing↗2022-05-24

▶

GHSA

Argument injection in lettre↗2021-08-25

▶

CVEList

CVE-2020-0069: In the ioctl handlers of the Mediatek Command Queue driver, there is a possible out of bounds write due to insufficient input sanitization and missing↗2020-03-10

▶

VulnCheck

Mediatek Multiple Chipsets Insufficient Input Validation Vulnerability↗2020

▶

📋Vendor Advisories

CISA

Mediatek Multiple Chipsets Insufficient Input Validation Vulnerability↗2021-11-03

▶

CISA

Android Kernel Out-of-Bounds Write Vulnerability↗2021-11-03

▶

CISA

Android Kernel Use-After-Free Vulnerability↗2021-11-03

▶

Android

CVE-2020-0069: System↗2020-03-01

▶

External resources

NVD MITRE CISA KEV

Affected products28

Huawei Berkeley-l09 Firmwarefixed in 10.0.0.177\(c10e3r1p4\)

Huawei Columbia-al10b Firmwarefixed in 10.0.0.178\(c00e178r1p4\)

Huawei Columbia-l29d Firmwarefixed in 10.0.0.177\(c10e4r1p4\)fixed in 10.0.0.177\(c432e3r1p4\)

Huawei Columbia-tl00b Firmwarefixed in 10.0.0.178\(c01e178r1p4\)

Huawei Columbia-tl00d Firmwarefixed in 10.0.0.178\(c01e178r1p4\)

Huawei Cornell-al00a Firmwarefixed in 9.1.0.340\(c00e333r1p1t8\)

Huawei Cornell-tl10b Firmwarefixed in 9.1.0.340\(c01e333r1p1t8\)

Huawei Dura-al00a Firmwarefixed in 1.0.0.190\(c00\)

Huawei Honor 20 PRO Firmwarefixed in 10.0.0.194\(c636e3r3p1\)fixed in 10.0.0.202\(c10e3r3p2\)

Huawei Honor 8A Firmwarefixed in 9.1.0.291\(c185e3r4p1\)fixed in 9.1.0.291\(c432e5r2p1\)fixed in 9.1.0.291\(c636e4r4p1\)+1 more

Disclosure

PublishedMar 10, 2020

KEV addedNov 3, 2021

KEV dueMay 3, 2022

Latest updateMay 24, 2022