CVE-2020-0069
7.8
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 / Impact: 5.9
Source: NVD
Description
In the ioctl handlers of the Mediatek Command Queue driver, there is a possible out of bounds write due to insufficient input sanitization and missing SELinux restrictions. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-147882143References: M-ALPS04356754
Affected (39)
Products: Google: Android · Huawei: Berkeley L09 Firmware, Columbia Al10b Firmware, Columbia L29d Firmware, Columbia Tl00b Firmware, Columbia Tl00d Firmware, Cornell Al00a Firmware, Cornell Tl10b Firmware, Dura Al00a Firmware, Honor 20 Pro Firmware, Y6 2019 Firmware, Nova 3 Firmware, Nova 4 Firmware, Honor 8a Firmware, Honor View 20 Firmware, Jakarta Al00a Firmware, Katyusha Al00a Firmware, Katyusha Al10a Firmware, Madrid Al00a Firmware, Paris L29b Firmware, Princeton Al10b Firmware, Sydney Al00 Firmware, Sydney Tl00 Firmware, Sydneym Al00 Firmware, Tony Al00b Firmware, Tony Tl00b Firmware, Yale Al00a Firmware, Yale L21a Firmware, Yalep Al10b Firmware
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| Before 10.0.0.177\(c10e3r1p4\) |
| Running on/with | Platform Versions |
|---|---|
Huawei Berkeley L09 | All versions |
Configuration C
| Vulnerable Software | Affected Versions |
|---|---|
| Before 10.0.0.178\(c00e178r1p4\) |
| Running on/with | Platform Versions |
|---|---|
Huawei Columbia Al10b | All versions |
Configuration D
| Vulnerable Software | Affected Versions |
|---|---|
| Before 10.0.0.177\(c10e4r1p4\) |
Configuration E
| Vulnerable Software | Affected Versions |
|---|---|
| Before 10.0.0.178\(c01e178r1p4\) |
| Running on/with | Platform Versions |
|---|---|
Huawei Columbia Tl00b | All versions |
Configuration F
| Vulnerable Software | Affected Versions |
|---|---|
| Before 10.0.0.178\(c01e178r1p4\) |
| Running on/with | Platform Versions |
|---|---|
Huawei Columbia Tl00d | All versions |
Configuration G
| Vulnerable Software | Affected Versions |
|---|---|
| Before 9.1.0.340\(c00e333r1p1t8\) |
| Running on/with | Platform Versions |
|---|---|
Huawei Cornell Al00a | All versions |
Configuration H
| Vulnerable Software | Affected Versions |
|---|---|
| Before 9.1.0.340\(c01e333r1p1t8\) |
| Running on/with | Platform Versions |
|---|---|
Huawei Cornell Tl10b | All versions |
Configuration I
| Vulnerable Software | Affected Versions |
|---|---|
| Before 1.0.0.190\(c00\) |
| Running on/with | Platform Versions |
|---|---|
Huawei Dura Al00a | All versions |
Configuration J
| Vulnerable Software | Affected Versions |
|---|---|
| Before 10.0.0.194\(c636e3r3p1\) |
Configuration K
| Vulnerable Software | Affected Versions |
|---|---|
| Before 9.1.0.290\(c185e5r4p1\) |
Configuration L
| Vulnerable Software | Affected Versions |
|---|---|
| Before 9.1.0.338\(c00e333r1p1t8\) |
| Running on/with | Platform Versions |
|---|---|
Huawei Nova 3 | All versions |
Configuration M
| Vulnerable Software | Affected Versions |
|---|---|
| Before 10.0.0.160\(c01e32r2p4\) |
| Running on/with | Platform Versions |
|---|---|
Huawei Nova 4 | All versions |
Configuration N
| Vulnerable Software | Affected Versions |
|---|---|
| Before 9.1.0.291\(c185e3r4p1\) |
Configuration O
| Vulnerable Software | Affected Versions |
|---|---|
| Before 10.0.0.198\(c432e10r3p4\) |
Configuration P
| Vulnerable Software | Affected Versions |
|---|---|
| Before 9.1.0.251\(c00e106r2p2\) |
| Running on/with | Platform Versions |
|---|---|
Huawei Jakarta Al00a | All versions |
Configuration Q
| Vulnerable Software | Affected Versions |
|---|---|
| Before 9.1.0.146\(c00e131r2p2\) |
| Running on/with | Platform Versions |
|---|---|
Huawei Katyusha Al00a | All versions |
Configuration R
| Vulnerable Software | Affected Versions |
|---|---|
| Before 9.1.0.160\(c00e150r1p7\) |
| Running on/with | Platform Versions |
|---|---|
Huawei Katyusha Al10a | All versions |
Configuration S
| Vulnerable Software | Affected Versions |
|---|---|
| Before 9.1.0.261\(c00e120r4p1\) |
| Running on/with | Platform Versions |
|---|---|
Huawei Madrid Al00a | All versions |
Configuration T
| Vulnerable Software | Affected Versions |
|---|---|
| Before 9.1.0.380\(c636e1r1p3t8\) |
| Running on/with | Platform Versions |
|---|---|
Huawei Paris L29b | All versions |
Configuration U
| Vulnerable Software | Affected Versions |
|---|---|
| Before 10.0.0.194\(c00e61r4p11\) |
| Running on/with | Platform Versions |
|---|---|
Huawei Princeton Al10b | All versions |
Configuration V
| Vulnerable Software | Affected Versions |
|---|---|
| Before 9.1.0.237\(c00e80r1p7t8\) |
| Running on/with | Platform Versions |
|---|---|
Huawei Sydney Al00 | All versions |
Configuration W
| Vulnerable Software | Affected Versions |
|---|---|
| Before 9.1.0.237\(c01e80r1p7t8\) |
| Running on/with | Platform Versions |
|---|---|
Huawei Sydney Tl00 | All versions |
Configuration X
| Vulnerable Software | Affected Versions |
|---|---|
| Before 10.0.0.159\(c00e64r1p5\) |
| Running on/with | Platform Versions |
|---|---|
Huawei Sydneym Al00 | All versions |
Configuration Y
| Vulnerable Software | Affected Versions |
|---|---|
| Before 10.1.0.137\(c00e137r2p11\) |
| Running on/with | Platform Versions |
|---|---|
Huawei Tony Al00b | All versions |
Configuration Z
| Vulnerable Software | Affected Versions |
|---|---|
| Before 10.0.0.196\(c01e65r2p11\) |
| Running on/with | Platform Versions |
|---|---|
Huawei Tony Tl00b | All versions |
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Before 10.0.0.196\(c00e62r8p12\) |
| Running on/with | Platform Versions |
|---|---|
Huawei Yale Al00a | All versions |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| Before 10.0.0.202\(c10e3r3p2\) |
| Running on/with | Platform Versions |
|---|---|
Huawei Yale L21a | All versions |
Configuration C
| Vulnerable Software | Affected Versions |
|---|---|
| Before 10.0.0.194\(c00e62r8p12\) |
| Running on/with | Platform Versions |
|---|---|
Huawei Yalep Al10b | All versions |
Configuration D
| Vulnerable Software | Affected Versions |
|---|---|
| Before 10.0.0.177\(c432e3r1p4\) |
| Running on/with | Platform Versions |
|---|---|
Huawei Columbia L29d | All versions |
Configuration E
| Vulnerable Software | Affected Versions |
|---|---|
| Before 10.0.0.202\(c10e3r3p2\) |
| Running on/with | Platform Versions |
|---|---|
Huawei Honor 20 Pro | All versions |
Configuration F
| Vulnerable Software | Affected Versions |
|---|---|
| Before 9.1.0.290\(c431e1r1p8\) |
Configuration G
| Vulnerable Software | Affected Versions |
|---|---|
| Before 9.1.0.290\(c605e6r1p6\) |
Configuration H
| Vulnerable Software | Affected Versions |
|---|---|
| Before 9.1.0.295\(c431e5r2p2\) |
| Running on/with | Platform Versions |
|---|---|
Huawei Y6 2019 | All versions |
Configuration I
| Vulnerable Software | Affected Versions |
|---|---|
| Before 9.1.0.291\(c432e5r2p1\) |
Configuration J
| Vulnerable Software | Affected Versions |
|---|---|
| Before 9.1.0.291\(c636e4r4p1\) |
Configuration K
| Vulnerable Software | Affected Versions |
|---|---|
| Before 9.1.0.297\(c605e4r4p2\) |
| Running on/with | Platform Versions |
|---|---|
Huawei Honor 8a | All versions |
Configuration L
| Vulnerable Software | Affected Versions |
|---|---|
| Before 10.0.0.200\(c185e3r3p3\) |
Configuration M
| Vulnerable Software | Affected Versions |
|---|---|
| Before 10.0.0.201\(c10e5r4p3\) |
| Running on/with | Platform Versions |
|---|---|
Huawei Honor View 20 | All versions |
References (5)
Source: security@android.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Third Party AdvisoryUS Government Resource
Timeline
No history available yet.