ID

VAR-202003-0573


CVE

CVE-2020-0069


TITLE

Android Out-of-bounds write vulnerability in kernel

Trust: 0.8

sources: JVNDB: JVNDB-2020-002589

DESCRIPTION

In the ioctl handlers of the Mediatek Command Queue driver, there is a possible out of bounds write due to insufficient input sanitization and missing SELinux restrictions. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-147882143References: M-ALPS04356754. Android An out-of-bounds write vulnerability exists in the kernel. This vulnerability is Android ID: A-147882143 and References: M-ALPS04356754 It is published as.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state

Trust: 1.71

sources: NVD: CVE-2020-0069 // JVNDB: JVNDB-2020-002589 // VULMON: CVE-2020-0069

AFFECTED PRODUCTS

vendor:huaweimodel:tony-tl00bscope:ltversion:10.0.0.196\(c01e65r2p11\)

Trust: 1.0

vendor:huaweimodel:columbia-l29dscope:ltversion:10.0.0.177\(c432e3r1p4\)

Trust: 1.0

vendor:huaweimodel:katyusha-al10ascope:ltversion:9.1.0.160\(c00e150r1p7\)

Trust: 1.0

vendor:huaweimodel:dura-al00ascope:ltversion:1.0.0.190\(c00\)

Trust: 1.0

vendor:huaweimodel:sydney-al00scope:ltversion:9.1.0.237\(c00e80r1p7t8\)

Trust: 1.0

vendor:huaweimodel:katyusha-al00ascope:ltversion:9.1.0.146\(c00e131r2p2\)

Trust: 1.0

vendor:huaweimodel:yalep-al10bscope:ltversion:10.0.0.194\(c00e62r8p12\)

Trust: 1.0

vendor:huaweimodel:honor 8ascope:ltversion:9.1.0.291\(c185e3r4p1\)

Trust: 1.0

vendor:huaweimodel:yale-al00ascope:ltversion:10.0.0.196\(c00e62r8p12\)

Trust: 1.0

vendor:huaweimodel:columbia-l29dscope:ltversion:10.0.0.177\(c10e4r1p4\)

Trust: 1.0

vendor:huaweimodel:jakarta-al00ascope:ltversion:9.1.0.251\(c00e106r2p2\)

Trust: 1.0

vendor:googlemodel:androidscope:eqversion: -

Trust: 1.0

vendor:huaweimodel:nova 4scope:ltversion:10.0.0.160\(c01e32r2p4\)

Trust: 1.0

vendor:huaweimodel:columbia-al10bscope:ltversion:10.0.0.178\(c00e178r1p4\)

Trust: 1.0

vendor:huaweimodel:nova 3scope:ltversion:9.1.0.338\(c00e333r1p1t8\)

Trust: 1.0

vendor:huaweimodel:honor 20 proscope:ltversion:10.0.0.202\(c10e3r3p2\)

Trust: 1.0

vendor:huaweimodel:honor 8ascope:ltversion:9.1.0.291\(c636e4r4p1\)

Trust: 1.0

vendor:huaweimodel:berkeley-l09scope:ltversion:10.0.0.177\(c10e3r1p4\)

Trust: 1.0

vendor:huaweimodel:sydney-tl00scope:ltversion:9.1.0.237\(c01e80r1p7t8\)

Trust: 1.0

vendor:huaweimodel:columbia-tl00bscope:ltversion:10.0.0.178\(c01e178r1p4\)

Trust: 1.0

vendor:huaweimodel:honor view 20scope:ltversion:10.0.0.198\(c432e10r3p4\)

Trust: 1.0

vendor:huaweimodel:tony-al00bscope:ltversion:10.1.0.137\(c00e137r2p11\)

Trust: 1.0

vendor:huaweimodel:y6 2019scope:ltversion:9.1.0.295\(c431e5r2p2\)

Trust: 1.0

vendor:huaweimodel:paris-l29bscope:ltversion:9.1.0.380\(c636e1r1p3t8\)

Trust: 1.0

vendor:huaweimodel:honor view 20scope:ltversion:10.0.0.201\(c10e5r4p3\)

Trust: 1.0

vendor:huaweimodel:honor 8ascope:ltversion:9.1.0.297\(c605e4r4p2\)

Trust: 1.0

vendor:huaweimodel:y6 2019scope:ltversion:9.1.0.290\(c185e5r4p1\)

Trust: 1.0

vendor:huaweimodel:cornell-al00ascope:ltversion:9.1.0.340\(c00e333r1p1t8\)

Trust: 1.0

vendor:huaweimodel:y6 2019scope:ltversion:9.1.0.290\(c605e6r1p6\)

Trust: 1.0

vendor:huaweimodel:columbia-tl00dscope:ltversion:10.0.0.178\(c01e178r1p4\)

Trust: 1.0

vendor:huaweimodel:y6 2019scope:ltversion:9.1.0.290\(c431e1r1p8\)

Trust: 1.0

vendor:huaweimodel:honor view 20scope:ltversion:10.0.0.200\(c185e3r3p3\)

Trust: 1.0

vendor:huaweimodel:sydneym-al00scope:ltversion:10.0.0.159\(c00e64r1p5\)

Trust: 1.0

vendor:huaweimodel:cornell-tl10bscope:ltversion:9.1.0.340\(c01e333r1p1t8\)

Trust: 1.0

vendor:huaweimodel:honor 20 proscope:ltversion:10.0.0.194\(c636e3r3p1\)

Trust: 1.0

vendor:huaweimodel:yale-l21ascope:ltversion:10.0.0.202\(c10e3r3p2\)

Trust: 1.0

vendor:huaweimodel:princeton-al10bscope:ltversion:10.0.0.194\(c00e61r4p11\)

Trust: 1.0

vendor:huaweimodel:madrid-al00ascope:ltversion:9.1.0.261\(c00e120r4p1\)

Trust: 1.0

vendor:huaweimodel:honor 8ascope:ltversion:9.1.0.291\(c432e5r2p1\)

Trust: 1.0

vendor:googlemodel:androidscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-002589 // NVD: CVE-2020-0069

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-0069
value: HIGH

Trust: 1.0

NVD: JVNDB-2020-002589
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202003-058
value: HIGH

Trust: 0.6

VULMON: CVE-2020-0069
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2020-0069
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: JVNDB-2020-002589
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

nvd@nist.gov: CVE-2020-0069
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-002589
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULMON: CVE-2020-0069 // JVNDB: JVNDB-2020-002589 // CNNVD: CNNVD-202003-058 // NVD: CVE-2020-0069

PROBLEMTYPE DATA

problemtype:CWE-787

Trust: 1.8

sources: JVNDB: JVNDB-2020-002589 // NVD: CVE-2020-0069

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202003-058

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202003-058

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-002589

PATCH

title:Android のセキュリティに関する公開情報 - 2020 年 3 月url:https://source.android.com/security/bulletin/2020-03-01

Trust: 0.8

title:Android Mediatek Command Queue driver Buffer error vulnerability fixurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=111723

Trust: 0.6

title:The Registerurl:https://www.theregister.co.uk/2020/03/05/google_march_android_fixes/

Trust: 0.2

title:Huawei Security Advisories: Security Advisory - Privilege Escalation Vulnerability in Some Huawei Productsurl:https://vulmon.com/vendoradvisory?qidtp=huawei_security_advisories&qid=e8eb2ffe13149bb69d2b928842ea24a6

Trust: 0.1

title:CVE-2020-0069_pocurl:https://github.com/quarkslab/CVE-2020-0069_poc

Trust: 0.1

title:AutomatedRooturl:https://github.com/R0rt1z2/AutomatedRoot

Trust: 0.1

title:CVE-POCurl:https://github.com/0xT11/CVE-POC

Trust: 0.1

title:PoCurl:https://github.com/Jonathan-Elias/PoC

Trust: 0.1

title:PoC-in-GitHuburl:https://github.com/developer3000S/PoC-in-GitHub

Trust: 0.1

title:PoC-in-GitHuburl:https://github.com/nomi-sec/PoC-in-GitHub

Trust: 0.1

title:PoC-in-GitHuburl:https://github.com/hectorgie/PoC-in-GitHub

Trust: 0.1

title:Threatposturl:https://threatpost.com/mediatek-bug-actively-exploited-android/153408/

Trust: 0.1

sources: VULMON: CVE-2020-0069 // JVNDB: JVNDB-2020-002589 // CNNVD: CNNVD-202003-058

EXTERNAL IDS

db:NVDid:CVE-2020-0069

Trust: 2.5

db:JVNDBid:JVNDB-2020-002589

Trust: 0.8

db:NSFOCUSid:49181

Trust: 0.6

db:CNNVDid:CNNVD-202003-058

Trust: 0.6

db:VULMONid:CVE-2020-0069

Trust: 0.1

sources: VULMON: CVE-2020-0069 // JVNDB: JVNDB-2020-002589 // CNNVD: CNNVD-202003-058 // NVD: CVE-2020-0069

REFERENCES

url:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200527-01-mtk-en

Trust: 1.8

url:https://source.android.com/security/bulletin/2020-03-01

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2020-0069

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-0069

Trust: 0.8

url:https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20200527-01-mtk-cn

Trust: 0.6

url:http://www.nsfocus.net/vulndb/49181

Trust: 0.6

url:https://vigilance.fr/vulnerability/google-android-pixel-multiple-vulnerabilities-of-march-2020-31720

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/787.html

Trust: 0.1

url:https://github.com/quarkslab/cve-2020-0069_poc

Trust: 0.1

url:https://github.com/r0rt1z2/automatedroot

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULMON: CVE-2020-0069 // JVNDB: JVNDB-2020-002589 // CNNVD: CNNVD-202003-058 // NVD: CVE-2020-0069

SOURCES

db:VULMONid:CVE-2020-0069
db:JVNDBid:JVNDB-2020-002589
db:CNNVDid:CNNVD-202003-058
db:NVDid:CVE-2020-0069

LAST UPDATE DATE

2024-08-14T15:33:37.728000+00:00


SOURCES UPDATE DATE

db:VULMONid:CVE-2020-0069date:2020-05-27T00:00:00
db:JVNDBid:JVNDB-2020-002589date:2020-03-19T00:00:00
db:CNNVDid:CNNVD-202003-058date:2020-09-28T00:00:00
db:NVDid:CVE-2020-0069date:2024-07-25T14:32:59.103

SOURCES RELEASE DATE

db:VULMONid:CVE-2020-0069date:2020-03-10T00:00:00
db:JVNDBid:JVNDB-2020-002589date:2020-03-19T00:00:00
db:CNNVDid:CNNVD-202003-058date:2020-03-03T00:00:00
db:NVDid:CVE-2020-0069date:2020-03-10T20:15:21.947