CyberSec.Space Logo
返回 CVE 浏览器

CVE-2020-0069

Known Exploited (CISA KEV)HIGH
7.8
CVSS Severity Score
EPSS Score38.1650%
EPSS Percentile98.58th
Published2020年3月10日
Last Modified2025年10月23日

Vulnerability Description

In the ioctl handlers of the Mediatek Command Queue driver, there is a possible out of bounds write due to insufficient input sanitization and missing SELinux restrictions. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-147882143References: M-ALPS04356754

Affected Platforms (CPE)

💻
Google

Android

All versions
💻
Huawei

Berkeley L09 Firmware

< 10.0.0.177\(c10e3r1p4\)
💻
Huawei

Columbia Al10b Firmware

< 10.0.0.178\(c00e178r1p4\)
💻
Huawei

Columbia L29d Firmware

< 10.0.0.177\(c10e4r1p4\)
💻
Huawei

Columbia Tl00b Firmware

< 10.0.0.178\(c01e178r1p4\)
💻
Huawei

Columbia Tl00d Firmware

< 10.0.0.178\(c01e178r1p4\)
💻
Huawei

Cornell Al00a Firmware

< 9.1.0.340\(c00e333r1p1t8\)
💻
Huawei

Cornell Tl10b Firmware

< 9.1.0.340\(c01e333r1p1t8\)
💻
Huawei

Dura Al00a Firmware

< 1.0.0.190\(c00\)
💻
Huawei

Honor 20 Pro Firmware

< 10.0.0.194\(c636e3r3p1\)
💻
Huawei

Y6 2019 Firmware

< 9.1.0.290\(c185e5r4p1\)
💻
Huawei

Nova 3 Firmware

< 9.1.0.338\(c00e333r1p1t8\)
💻
Huawei

Nova 4 Firmware

< 10.0.0.160\(c01e32r2p4\)
💻
Huawei

Honor 8a Firmware

< 9.1.0.291\(c185e3r4p1\)
💻
Huawei

Honor View 20 Firmware

< 10.0.0.198\(c432e10r3p4\)
💻
Huawei

Jakarta Al00a Firmware

< 9.1.0.251\(c00e106r2p2\)
💻
Huawei

Katyusha Al00a Firmware

< 9.1.0.146\(c00e131r2p2\)
💻
Huawei

Katyusha Al10a Firmware

< 9.1.0.160\(c00e150r1p7\)
💻
Huawei

Madrid Al00a Firmware

< 9.1.0.261\(c00e120r4p1\)
💻
Huawei

Paris L29b Firmware

< 9.1.0.380\(c636e1r1p3t8\)
💻
Huawei

Princeton Al10b Firmware

< 10.0.0.194\(c00e61r4p11\)
💻
Huawei

Sydney Al00 Firmware

< 9.1.0.237\(c00e80r1p7t8\)
💻
Huawei

Sydney Tl00 Firmware

< 9.1.0.237\(c01e80r1p7t8\)
💻
Huawei

Sydneym Al00 Firmware

< 10.0.0.159\(c00e64r1p5\)
💻
Huawei

Tony Al00b Firmware

< 10.1.0.137\(c00e137r2p11\)
💻
Huawei

Tony Tl00b Firmware

< 10.0.0.196\(c01e65r2p11\)
💻
Huawei

Yale Al00a Firmware

< 10.0.0.196\(c00e62r8p12\)
💻
Huawei

Yale L21a Firmware

< 10.0.0.202\(c10e3r3p2\)
💻
Huawei

Yalep Al10b Firmware

< 10.0.0.194\(c00e62r8p12\)
💻
Huawei

Columbia L29d Firmware

< 10.0.0.177\(c432e3r1p4\)
💻
Huawei

Honor 20 Pro Firmware

< 10.0.0.202\(c10e3r3p2\)
💻
Huawei

Y6 2019 Firmware

< 9.1.0.290\(c431e1r1p8\)
💻
Huawei

Y6 2019 Firmware

< 9.1.0.290\(c605e6r1p6\)
💻
Huawei

Y6 2019 Firmware

< 9.1.0.295\(c431e5r2p2\)
💻
Huawei

Honor 8a Firmware

< 9.1.0.291\(c432e5r2p1\)
💻
Huawei

Honor 8a Firmware

< 9.1.0.291\(c636e4r4p1\)
💻
Huawei

Honor 8a Firmware

< 9.1.0.297\(c605e4r4p2\)
💻
Huawei

Honor View 20 Firmware

< 10.0.0.200\(c185e3r3p3\)
💻
Huawei

Honor View 20 Firmware

< 10.0.0.201\(c10e5r4p3\)

References & Advisories

🔗 http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200527-01-mtk-en
🔗 https://source.android.com/security/bulletin/2020-03-01
🔗 http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200527-01-mtk-en
🔗 https://source.android.com/security/bulletin/2020-03-01
🔗 https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-0069

相关漏洞威胁

CVE-2012-525410.0

Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 ...

CVE-2012-525510.0

Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 ...

CVE-2019-1106310.0

A broken access control vulnerability in SmartHome app (Android versions up to 3.0.42_190515, ios versions up to 2.0.22) allows an...

CVE-2012-525610.0

Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11....