Attacker Value
Unknown
CVE-2020-0069
CVE-2020-0069
(Last updated July 26, 2024) ▾
MITRE ATT&CK
Log in to add MITRE ATT&CK tag
Add MITRE ATT&CK tactics and techniques that apply to this CVE.
Description
In the ioctl handlers of the Mediatek Command Queue driver, there is a possible out of bounds write due to insufficient input sanitization and missing SELinux restrictions. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-147882143References: M-ALPS04356754
Add Assessment
No one has assessed this topic. Be the first to add your voice to the community.
CVSS V3 Severity and Metrics
Data provided by the National Vulnerability Database (NVD)
Base Score:
7.8 High
Impact Score:
5.9
Exploitability Score:
1.8
Attack Vector (AV):
Local
Attack Complexity (AC):
Low
Privileges Required (PR):
Low
User Interaction (UI):
None
Scope (S):
Unchanged
Confidentiality (C):
High
Integrity (I):
High
Availability (A):
High
General Information
Products
- android -,
- berkeley-l09 firmware,
- columbia-al10b firmware,
- columbia-l29d firmware,
- columbia-tl00b firmware,
- columbia-tl00d firmware,
- cornell-al00a firmware,
- cornell-tl10b firmware,
- dura-al00a firmware,
- honor 20 pro firmware,
- honor 8a firmware,
- honor view 20 firmware,
- jakarta-al00a firmware,
- katyusha-al00a firmware,
- katyusha-al10a firmware,
- madrid-al00a firmware,
- nova 3 firmware,
- nova 4 firmware,
- paris-l29b firmware,
- princeton-al10b firmware,
- sydney-al00 firmware,
- sydney-tl00 firmware,
- sydneym-al00 firmware,
- tony-al00b firmware,
- tony-tl00b firmware,
- y6 2019 firmware,
- yale-al00a firmware,
- yale-l21a firmware,
- yalep-al10b firmware
