CVE-2020-0069: Mediatek Multiple Chipsets Insufficient Input Validation Vulnerability
First published: Mon Mar 02 2020(Updated: )
In the ioctl handlers of the Mediatek Command Queue driver, there is a possible out of bounds write due to insufficient input sanitization and missing SELinux restrictions. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-147882143References: M-ALPS04356754
Credit: security@android.com security@android.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| MediaTek Multiple Chipsets | ||
| Android | ||
| Android | ||
| All of | ||
| Huawei Berkeley-L09 | <10.0.0.177\(c10e3r1p4\) | |
| Huawei Berkeley-L09 Firmware | ||
| All of | ||
| Huawei Columbia-AL10B | <10.0.0.178\(c00e178r1p4\) | |
| Huawei Columbia-AL10B Firmware | ||
| All of | ||
| Huawei LON-L29D | <10.0.0.177\(c10e4r1p4\) | |
| Huawei Columbia-L29D Firmware | ||
| All of | ||
| Huawei Columbia-TL00B | <10.0.0.178\(c01e178r1p4\) | |
| Huawei Columbia-TL00B | ||
| All of | ||
| Huawei Columbia-TL00D | <10.0.0.178\(c01e178r1p4\) | |
| Huawei Columbia-TL00D Firmware | ||
| All of | ||
| Huawei Cornell-AL00A Firmware | <9.1.0.340\(c00e333r1p1t8\) | |
| Huawei Cornell-AL00A Firmware | ||
| All of | ||
| Huawei Cornell-TL10B | <9.1.0.340\(c01e333r1p1t8\) | |
| Huawei Cornell-TL10B Firmware | ||
| All of | ||
| Huawei Dubai-AL00A | <1.0.0.190\(c00\) | |
| Huawei Dubai-AL00A | ||
| All of | ||
| Huawei Honor 20 Pro Firmware | <10.0.0.194\(c636e3r3p1\) | |
| Huawei HONOR 20 PRO | ||
| All of | ||
| Huawei Y6 2019 | <9.1.0.290\(c185e5r4p1\) | |
| Huawei Y6 2019 | ||
| All of | ||
| Huawei Nova 3 Firmware | <9.1.0.338\(c00e333r1p1t8\) | |
| Huawei Nova 3 Firmware | ||
| All of | ||
| Huawei Nova 4 Firmware | <10.0.0.160\(c01e32r2p4\) | |
| Huawei Nova 4 Firmware | ||
| All of | ||
| Huawei Honor 8A Firmware | <9.1.0.291\(c185e3r4p1\) | |
| Huawei Honor 8A Firmware | ||
| All of | ||
| HUAWEI Honor V20 firmware | <10.0.0.198\(c432e10r3p4\) | |
| Huawei Honor View 20 Firmware | ||
| All of | ||
| Huawei Jakarta-AL00a | <9.1.0.251\(c00e106r2p2\) | |
| Huawei Jakarta-AL00a Firmware | ||
| All of | ||
| Huawei Katyusha AL00A | <9.1.0.146\(c00e131r2p2\) | |
| Huawei Katyusha AL00A | ||
| All of | ||
| Huawei Katyusha-AL10A | <9.1.0.160\(c00e150r1p7\) | |
| Huawei Katyusha-al10a Firmware | ||
| All of | ||
| Huawei Madrid-AL00a Firmware | <9.1.0.261\(c00e120r4p1\) | |
| Huawei Madrid-AL00a Firmware | ||
| All of | ||
| Huawei PARIS-L29B | <9.1.0.380\(c636e1r1p3t8\) | |
| Huawei EVER-L29B | ||
| All of | ||
| Huawei Princeton-AL10B | <10.0.0.194\(c00e61r4p11\) | |
| Huawei Princeton-AL10B Firmware | ||
| All of | ||
| Huawei Sydney-AL00 | <9.1.0.237\(c00e80r1p7t8\) | |
| Huawei Sydney-AL00 Firmware | ||
| All of | ||
| Huawei Sydney-TL00 | <9.1.0.237\(c01e80r1p7t8\) | |
| Huawei Sydney-TL00 Firmware | ||
| All of | ||
| Huawei SydneyM-AL00 Firmware | <10.0.0.159\(c00e64r1p5\) | |
| Huawei SydneyM-AL00 Firmware | ||
| All of | ||
| Huawei Tony-AL00b | <10.1.0.137\(c00e137r2p11\) | |
| Huawei Tony-AL00B Firmware | ||
| All of | ||
| Huawei Tony-AL00B Firmware | <10.0.0.196\(c01e65r2p11\) | |
| Huawei Tony-TL00B Firmware | ||
| All of | ||
| Huawei Yale-AL00A | <10.0.0.196\(c00e62r8p12\) | |
| Huawei Yale-AL00A | ||
| All of | ||
| Huawei Yale-l21a | <10.0.0.202\(c10e3r3p2\) | |
| Huawei Y6 | ||
| All of | ||
| Huawei YaleP-AL10B | <10.0.0.194\(c00e62r8p12\) | |
| Huawei YaleP-AL10B | ||
| All of | ||
| Huawei LON-L29D | <10.0.0.177\(c432e3r1p4\) | |
| Huawei Columbia-L29D Firmware | ||
| All of | ||
| Huawei Honor 20 Pro Firmware | <10.0.0.202\(c10e3r3p2\) | |
| Huawei HONOR 20 PRO | ||
| All of | ||
| Huawei Y6 2019 | <9.1.0.290\(c431e1r1p8\) | |
| Huawei Y6 2019 | ||
| All of | ||
| Huawei Y6 2019 | <9.1.0.290\(c605e6r1p6\) | |
| Huawei Y6 2019 | ||
| All of | ||
| Huawei Y6 2019 | <9.1.0.295\(c431e5r2p2\) | |
| Huawei Y6 2019 | ||
| All of | ||
| Huawei Honor 8A Firmware | <9.1.0.291\(c432e5r2p1\) | |
| Huawei Honor 8A Firmware | ||
| All of | ||
| Huawei Honor 8A Firmware | <9.1.0.291\(c636e4r4p1\) | |
| Huawei Honor 8A Firmware | ||
| All of | ||
| Huawei Honor 8A Firmware | <9.1.0.297\(c605e4r4p2\) | |
| Huawei Honor 8A Firmware | ||
| All of | ||
| HUAWEI Honor V20 firmware | <10.0.0.200\(c185e3r3p3\) | |
| Huawei Honor View 20 Firmware | ||
| All of | ||
| HUAWEI Honor V20 firmware | <10.0.0.201\(c10e5r4p3\) | |
| Huawei Honor View 20 Firmware |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200527-01-mtk-en
- https://source.android.com/security/bulletin/2020-03-01
- https://source.android.com/docs/security/bulletin/2020-03-01/#asterisk
- https://source.android.com/docs/security/bulletin/2020-03-01 (Advisory)
- https://nvd.nist.gov/vuln/detail/CVE-2020-0069
Frequently Asked Questions
What is the severity of CVE-2020-0069?
The severity of CVE-2020-0069 is classified as critical due to the potential for local escalation of privilege.
How do I fix CVE-2020-0069?
To fix CVE-2020-0069, update the affected Mediatek Command Queue driver to the latest version that includes proper input sanitization and SELinux restrictions.
Who is affected by CVE-2020-0069?
CVE-2020-0069 affects devices running specific versions of Google Android and Mediatek multiple chipsets.
What types of devices are vulnerable to CVE-2020-0069?
Vulnerable devices include a variety of Huawei smartphones utilizing specific chipsets and firmware versions.
Is user interaction required to exploit CVE-2020-0069?
No, user interaction is not required to exploit CVE-2020-0069 as it allows for local privilege escalation.
- agent/type
- agent/first-publish-date
- agent/description
- agent/title
- agent/severity
- agent/weakness
- agent/author
- exploited/true
- collector/cisa-known-exploited
- source/CISA
- agent/software-canonical-lookup
- agent/references
- agent/event
- agent/source
- agent/tags
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/softwarecombine
- collector/android-source
- source/Android
- agent/software-canonical-lookup-request
- collector/nvd-api
- source/NVD
- collector/nvd-cve
- collector/nvd-index
- vendor/mediatek
- canonical/mediatek multiple chipsets
- vendor/google
- canonical/android
- vendor/huawei
- canonical/huawei berkeley-l09
- canonical/huawei berkeley-l09 firmware
- canonical/huawei columbia-al10b
- canonical/huawei columbia-al10b firmware
- canonical/huawei lon-l29d
- canonical/huawei columbia-l29d firmware
- canonical/huawei columbia-tl00b
- canonical/huawei columbia-tl00d
- canonical/huawei columbia-tl00d firmware
- canonical/huawei cornell-al00a firmware
- canonical/huawei cornell-tl10b
- canonical/huawei cornell-tl10b firmware
- canonical/huawei dubai-al00a
- canonical/huawei honor 20 pro firmware
- canonical/huawei honor 20 pro
- canonical/huawei y6 2019
- canonical/huawei nova 3 firmware
- canonical/huawei nova 4 firmware
- canonical/huawei honor 8a firmware
- canonical/huawei honor v20 firmware
- canonical/huawei honor view 20 firmware
- canonical/huawei jakarta-al00a
- canonical/huawei jakarta-al00a firmware
- canonical/huawei katyusha al00a
- canonical/huawei katyusha-al10a
- canonical/huawei katyusha-al10a firmware
- canonical/huawei madrid-al00a firmware
- canonical/huawei paris-l29b
- canonical/huawei ever-l29b
- canonical/huawei princeton-al10b
- canonical/huawei princeton-al10b firmware
- canonical/huawei sydney-al00
- canonical/huawei sydney-al00 firmware
- canonical/huawei sydney-tl00
- canonical/huawei sydney-tl00 firmware
- canonical/huawei sydneym-al00 firmware
- canonical/huawei tony-al00b
- canonical/huawei tony-al00b firmware
- canonical/huawei tony-tl00b firmware
- canonical/huawei yale-al00a
- canonical/huawei yale-l21a
- canonical/huawei y6
- canonical/huawei yalep-al10b