Details of VAR-202003-0573

ID

VAR-202003-0573

CVE

CVE-2020-0069

TITLE

Android Out-of-bounds write vulnerability in kernel

Trust: 0.8

sources: JVNDB: JVNDB-2020-002589

DESCRIPTION

In the ioctl handlers of the Mediatek Command Queue driver, there is a possible out of bounds write due to insufficient input sanitization and missing SELinux restrictions. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-147882143References: M-ALPS04356754. Android An out-of-bounds write vulnerability exists in the kernel. This vulnerability is Android ID: A-147882143 and References: M-ALPS04356754 It is published as.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state

Trust: 1.71

sources: NVD: CVE-2020-0069 // JVNDB: JVNDB-2020-002589 // VULMON: CVE-2020-0069

AFFECTED PRODUCTS

vendor:	huawei	model:	tony-tl00b	scope:	lt	version:	10.0.0.196\(c01e65r2p11\)	Trust: 1.0
vendor:	huawei	model:	columbia-l29d	scope:	lt	version:	10.0.0.177\(c432e3r1p4\)	Trust: 1.0
vendor:	huawei	model:	katyusha-al10a	scope:	lt	version:	9.1.0.160\(c00e150r1p7\)	Trust: 1.0
vendor:	huawei	model:	dura-al00a	scope:	lt	version:	1.0.0.190\(c00\)	Trust: 1.0
vendor:	huawei	model:	sydney-al00	scope:	lt	version:	9.1.0.237\(c00e80r1p7t8\)	Trust: 1.0
vendor:	huawei	model:	katyusha-al00a	scope:	lt	version:	9.1.0.146\(c00e131r2p2\)	Trust: 1.0
vendor:	huawei	model:	yalep-al10b	scope:	lt	version:	10.0.0.194\(c00e62r8p12\)	Trust: 1.0
vendor:	huawei	model:	honor 8a	scope:	lt	version:	9.1.0.291\(c185e3r4p1\)	Trust: 1.0
vendor:	huawei	model:	yale-al00a	scope:	lt	version:	10.0.0.196\(c00e62r8p12\)	Trust: 1.0
vendor:	huawei	model:	columbia-l29d	scope:	lt	version:	10.0.0.177\(c10e4r1p4\)	Trust: 1.0
vendor:	huawei	model:	jakarta-al00a	scope:	lt	version:	9.1.0.251\(c00e106r2p2\)	Trust: 1.0
vendor:	google	model:	android	scope:	eq	version:	-	Trust: 1.0
vendor:	huawei	model:	nova 4	scope:	lt	version:	10.0.0.160\(c01e32r2p4\)	Trust: 1.0
vendor:	huawei	model:	columbia-al10b	scope:	lt	version:	10.0.0.178\(c00e178r1p4\)	Trust: 1.0
vendor:	huawei	model:	nova 3	scope:	lt	version:	9.1.0.338\(c00e333r1p1t8\)	Trust: 1.0
vendor:	huawei	model:	honor 20 pro	scope:	lt	version:	10.0.0.202\(c10e3r3p2\)	Trust: 1.0
vendor:	huawei	model:	honor 8a	scope:	lt	version:	9.1.0.291\(c636e4r4p1\)	Trust: 1.0
vendor:	huawei	model:	berkeley-l09	scope:	lt	version:	10.0.0.177\(c10e3r1p4\)	Trust: 1.0
vendor:	huawei	model:	sydney-tl00	scope:	lt	version:	9.1.0.237\(c01e80r1p7t8\)	Trust: 1.0
vendor:	huawei	model:	columbia-tl00b	scope:	lt	version:	10.0.0.178\(c01e178r1p4\)	Trust: 1.0
vendor:	huawei	model:	honor view 20	scope:	lt	version:	10.0.0.198\(c432e10r3p4\)	Trust: 1.0
vendor:	huawei	model:	tony-al00b	scope:	lt	version:	10.1.0.137\(c00e137r2p11\)	Trust: 1.0
vendor:	huawei	model:	y6 2019	scope:	lt	version:	9.1.0.295\(c431e5r2p2\)	Trust: 1.0
vendor:	huawei	model:	paris-l29b	scope:	lt	version:	9.1.0.380\(c636e1r1p3t8\)	Trust: 1.0
vendor:	huawei	model:	honor view 20	scope:	lt	version:	10.0.0.201\(c10e5r4p3\)	Trust: 1.0
vendor:	huawei	model:	honor 8a	scope:	lt	version:	9.1.0.297\(c605e4r4p2\)	Trust: 1.0
vendor:	huawei	model:	y6 2019	scope:	lt	version:	9.1.0.290\(c185e5r4p1\)	Trust: 1.0
vendor:	huawei	model:	cornell-al00a	scope:	lt	version:	9.1.0.340\(c00e333r1p1t8\)	Trust: 1.0
vendor:	huawei	model:	y6 2019	scope:	lt	version:	9.1.0.290\(c605e6r1p6\)	Trust: 1.0
vendor:	huawei	model:	columbia-tl00d	scope:	lt	version:	10.0.0.178\(c01e178r1p4\)	Trust: 1.0
vendor:	huawei	model:	y6 2019	scope:	lt	version:	9.1.0.290\(c431e1r1p8\)	Trust: 1.0
vendor:	huawei	model:	honor view 20	scope:	lt	version:	10.0.0.200\(c185e3r3p3\)	Trust: 1.0
vendor:	huawei	model:	sydneym-al00	scope:	lt	version:	10.0.0.159\(c00e64r1p5\)	Trust: 1.0
vendor:	huawei	model:	cornell-tl10b	scope:	lt	version:	9.1.0.340\(c01e333r1p1t8\)	Trust: 1.0
vendor:	huawei	model:	honor 20 pro	scope:	lt	version:	10.0.0.194\(c636e3r3p1\)	Trust: 1.0
vendor:	huawei	model:	yale-l21a	scope:	lt	version:	10.0.0.202\(c10e3r3p2\)	Trust: 1.0
vendor:	huawei	model:	princeton-al10b	scope:	lt	version:	10.0.0.194\(c00e61r4p11\)	Trust: 1.0
vendor:	huawei	model:	madrid-al00a	scope:	lt	version:	9.1.0.261\(c00e120r4p1\)	Trust: 1.0
vendor:	huawei	model:	honor 8a	scope:	lt	version:	9.1.0.291\(c432e5r2p1\)	Trust: 1.0
vendor:	google	model:	android	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2020-002589 // NVD: CVE-2020-0069

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-0069
value:	HIGH
Trust: 1.0
NVD:	JVNDB-2020-002589
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202003-058
value:	HIGH
Trust: 0.6
VULMON:	CVE-2020-0069
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2020-0069
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
NVD:	JVNDB-2020-002589
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8

nvd@nist.gov:	CVE-2020-0069
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	JVNDB-2020-002589
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULMON: CVE-2020-0069 // JVNDB: JVNDB-2020-002589 // CNNVD: CNNVD-202003-058 // NVD: CVE-2020-0069

PROBLEMTYPE DATA

problemtype:

CWE-787

Trust: 1.8

sources: JVNDB: JVNDB-2020-002589 // NVD: CVE-2020-0069

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202003-058

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202003-058

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-002589

PATCH

title:	Android のセキュリティに関する公開情報 - 2020 年 3 月	url:	https://source.android.com/security/bulletin/2020-03-01	Trust: 0.8
title:	Android Mediatek Command Queue driver Buffer error vulnerability fix	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=111723	Trust: 0.6
title:	The Register	url:	https://www.theregister.co.uk/2020/03/05/google_march_android_fixes/	Trust: 0.2
title:	Huawei Security Advisories: Security Advisory - Privilege Escalation Vulnerability in Some Huawei Products	url:	https://vulmon.com/vendoradvisory?qidtp=huawei_security_advisories&qid=e8eb2ffe13149bb69d2b928842ea24a6	Trust: 0.1
title:	CVE-2020-0069_poc	url:	https://github.com/quarkslab/CVE-2020-0069_poc	Trust: 0.1
title:	AutomatedRoot	url:	https://github.com/R0rt1z2/AutomatedRoot	Trust: 0.1
title:	CVE-POC	url:	https://github.com/0xT11/CVE-POC	Trust: 0.1
title:	PoC	url:	https://github.com/Jonathan-Elias/PoC	Trust: 0.1
title:	PoC-in-GitHub	url:	https://github.com/developer3000S/PoC-in-GitHub	Trust: 0.1
title:	PoC-in-GitHub	url:	https://github.com/nomi-sec/PoC-in-GitHub	Trust: 0.1
title:	PoC-in-GitHub	url:	https://github.com/hectorgie/PoC-in-GitHub	Trust: 0.1
title:	Threatpost	url:	https://threatpost.com/mediatek-bug-actively-exploited-android/153408/	Trust: 0.1

sources: VULMON: CVE-2020-0069 // JVNDB: JVNDB-2020-002589 // CNNVD: CNNVD-202003-058

EXTERNAL IDS

db:	NVD	id:	CVE-2020-0069	Trust: 2.5
db:	JVNDB	id:	JVNDB-2020-002589	Trust: 0.8
db:	NSFOCUS	id:	49181	Trust: 0.6
db:	CNNVD	id:	CNNVD-202003-058	Trust: 0.6
db:	VULMON	id:	CVE-2020-0069	Trust: 0.1

sources: VULMON: CVE-2020-0069 // JVNDB: JVNDB-2020-002589 // CNNVD: CNNVD-202003-058 // NVD: CVE-2020-0069

REFERENCES

url:	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200527-01-mtk-en	Trust: 1.8
url:	https://source.android.com/security/bulletin/2020-03-01	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2020-0069	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-0069	Trust: 0.8
url:	https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20200527-01-mtk-cn	Trust: 0.6
url:	http://www.nsfocus.net/vulndb/49181	Trust: 0.6
url:	https://vigilance.fr/vulnerability/google-android-pixel-multiple-vulnerabilities-of-march-2020-31720	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/787.html	Trust: 0.1
url:	https://github.com/quarkslab/cve-2020-0069_poc	Trust: 0.1
url:	https://github.com/r0rt1z2/automatedroot	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULMON: CVE-2020-0069 // JVNDB: JVNDB-2020-002589 // CNNVD: CNNVD-202003-058 // NVD: CVE-2020-0069

SOURCES

db:	VULMON	id:	CVE-2020-0069
db:	JVNDB	id:	JVNDB-2020-002589
db:	CNNVD	id:	CNNVD-202003-058
db:	NVD	id:	CVE-2020-0069

LAST UPDATE DATE

2024-08-14T15:33:37.728000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2020-0069	date:	2020-05-27T00:00:00
db:	JVNDB	id:	JVNDB-2020-002589	date:	2020-03-19T00:00:00
db:	CNNVD	id:	CNNVD-202003-058	date:	2020-09-28T00:00:00
db:	NVD	id:	CVE-2020-0069	date:	2024-07-25T14:32:59.103

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2020-0069	date:	2020-03-10T00:00:00
db:	JVNDB	id:	JVNDB-2020-002589	date:	2020-03-19T00:00:00
db:	CNNVD	id:	CNNVD-202003-058	date:	2020-03-03T00:00:00
db:	NVD	id:	CVE-2020-0069	date:	2020-03-10T20:15:21.947