CVE-2020-0069

In the ioctl handlers of the Mediatek Command Queue driver, there is a possible out of bounds write due to insufficient input sanitization and missing SELinux restrictions. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-147882143References: M-ALPS04356754

Attack Vector (AV)	Network	Adjacent	Local	Physical
Attack Complexity (AC)	LOW	High
Privileges Required (PR)	None	Low	High
User Interaction (UI)	None	Required
Scope (S)	Unchange	Change
Confidentiality (C)	None	Low	High
Integrity (I)	None	Low	High
Availability (A)	None	Low	High

Attack Vector (AV)	Network	Adjacent	Local
Access Complexity (AC)	Low	Medium	High
Authentication (Au)	None	Single	Multiple
Confidentiality (C)	None	Partial	Complete
Integrity (I)	None	Partial	Complete
Availability (A)	None	Partial	Complete

NVD References

Refer to Information on External Sites

CVE Infomation	Exploits or more Infomation
mitre	EXPLOIT DATABASE
NVD	0day.today
vulmon.com	github
CVE Details	Twitter
JVN ENG JPN
Reconshell

List of frequently cited URLs

URL	Num of Times Referred to
https://reportcybercrime.com/	1368

Information from Twitter

User	URL	Info Source	Date
Bahamut0x414141	https://source.android.com/security/bulletin/2016-05-01	Source Bahamut0x414141 1455208358126915587	2021/11/02
Bahamut0x414141	https://source.android.com/security/bulletin/2015-09-01	Source Bahamut0x414141 1455208358126915587	2021/11/02
Bahamut0x414141	https://source.android.com/security/bulletin/2019-10-01	Source Bahamut0x414141 1455208358126915587	2021/11/02
Bahamut0x414141	https://source.android.com/security/bulletin/2020-03-01	Source Bahamut0x414141 1455208358126915587	2021/11/02
Bahamut0x414141	https://source.android.com/security/bulletin/2020-03-01	Source Bahamut0x414141 1455208358126915587	2021/11/02
0E800	https://www.csoonline.com/article/3639059/stealthy-trojan-t...	Source 0E800 1457891865877905414	2021/11/09
VulmonFeeds	http://vulmon.com/vulnerabilitydetails?qid=CVE-2020-0069	Source VulmonFeeds 1460897765886771201	2021/11/17

List of frequently cited URLs

URL	Num of Times Referred to
reportcybercrime.com	1368

Information from Twitter

User	URL	Info Source
Bahamut0x414141	source.android.com	Show Tweet
Bahamut0x414141	source.android.com	Show Tweet
Bahamut0x414141	source.android.com	Show Tweet
Bahamut0x414141	source.android.com	Show Tweet
Bahamut0x414141	source.android.com	Show Tweet
0E800	csoonline.com	Show Tweet
VulmonFeeds	vulmon.com	Show Tweet

Name	URL
quarkslab/CVE-2020-0069_poc	https://github.com/quarkslab/CVE-2020-0069_poc
TheRealJunior/mtk-su-reverse-cve-2020-0069	https://github.com/TheRealJunior/mtk-su-reverse-cve-2020-0069
R0rt1z2/AutomatedRoot	https://github.com/R0rt1z2/AutomatedRoot
yanglingxi1993/CVE-2020-0069	https://github.com/yanglingxi1993/CVE-2020-0069

GitHub Search Results: Up to 10

Name	URL
quarkslab/CVE-2020-0069_poc	github.com
TheRealJunior/mtk-su-reverse-cve-2020-0069	github.com
R0rt1z2/AutomatedRoot	github.com
yanglingxi1993/CVE-2020-0069	github.com

2021/11/17 Score : 1
Added Har-sia Database : 2020/03/03
Last Modified : 2021/11/17
Highest Scored Date : 2020/03/26
Highest Score : 7

CVE-2020-0069

Description from NVD

▼ CVSS3 Vec CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

▼ CVSS2 Vec AV:L/AC:L/Au:N/C:C/I:C/A:C

NVD References

Refer to Information on External Sites

Information from Twitter

Information from Twitter