In the ioctl handlers of the Mediatek Command Queue driver, there is a possible out of bounds write due to insufficient input sanitization and missing SELinux restrictions. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-147882143References: M-ALPS04356754

Metrics

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:L/AC:L/Au:N/C:C/I:C/A:C

This CVE is in the KEV database since Nov. 3, 2021.

Exploitation active

Automatable no

Technical Impact total

Affected Vendors & Products

Vendors Products
Google
  • Android
Huawei
  • Berkeley-l09
  • Berkeley-l09 Firmware
  • Columbia-al10b
  • Columbia-al10b Firmware
  • Columbia-l29d
  • Columbia-l29d Firmware
  • Columbia-tl00b
  • Columbia-tl00b Firmware
  • Columbia-tl00d
  • Columbia-tl00d Firmware
  • Cornell-al00a
  • Cornell-al00a Firmware
  • Cornell-tl10b
  • Cornell-tl10b Firmware
  • Dura-al00a
  • Dura-al00a Firmware
  • Honor 20 Pro
  • Honor 20 Pro Firmware
  • Honor 8a
  • Honor 8a Firmware
  • Honor View 20
  • Honor View 20 Firmware
  • Jakarta-al00a
  • Jakarta-al00a Firmware
  • Katyusha-al00a
  • Katyusha-al00a Firmware
  • Katyusha-al10a
  • Katyusha-al10a Firmware
  • Madrid-al00a
  • Madrid-al00a Firmware
  • Nova 3
  • Nova 3 Firmware
  • Nova 4
  • Nova 4 Firmware
  • Paris-l29b
  • Paris-l29b Firmware
  • Princeton-al10b
  • Princeton-al10b Firmware
  • Sydney-al00
  • Sydney-al00 Firmware
  • Sydney-tl00
  • Sydney-tl00 Firmware
  • Sydneym-al00
  • Sydneym-al00 Firmware
  • Tony-al00b
  • Tony-al00b Firmware
  • Tony-tl00b
  • Tony-tl00b Firmware
  • Y6 2019
  • Y6 2019 Firmware
  • Yale-al00a
  • Yale-al00a Firmware
  • Yale-l21a
  • Yale-l21a Firmware
  • Yalep-al10b
  • Yalep-al10b Firmware

Configuration 1 [-]

cpe:2.3:o:google:android:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND
cpe:2.3:o:huawei:berkeley-l09_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:huawei:berkeley-l09:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND
cpe:2.3:o:huawei:columbia-al10b_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:huawei:columbia-al10b:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND
cpe:2.3:o:huawei:columbia-l29d_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:huawei:columbia-l29d:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND
cpe:2.3:o:huawei:columbia-tl00b_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:huawei:columbia-tl00b:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND
cpe:2.3:o:huawei:columbia-tl00d_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:huawei:columbia-tl00d:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND
cpe:2.3:o:huawei:cornell-al00a_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:huawei:cornell-al00a:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND
cpe:2.3:o:huawei:cornell-tl10b_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:huawei:cornell-tl10b:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND
cpe:2.3:o:huawei:dura-al00a_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:huawei:dura-al00a:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND
cpe:2.3:o:huawei:honor_20_pro_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:huawei:honor_20_pro:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND
cpe:2.3:o:huawei:y6_2019_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:huawei:y6_2019:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND
cpe:2.3:o:huawei:nova_3_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:huawei:nova_3:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND
cpe:2.3:o:huawei:nova_4_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:huawei:nova_4:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND
cpe:2.3:o:huawei:honor_8a_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:huawei:honor_8a:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND
cpe:2.3:o:huawei:honor_view_20_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:huawei:honor_view_20:-:*:*:*:*:*:*:*

Configuration 16 [-]

AND
cpe:2.3:o:huawei:jakarta-al00a_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:huawei:jakarta-al00a:-:*:*:*:*:*:*:*

Configuration 17 [-]

AND
cpe:2.3:o:huawei:katyusha-al00a_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:huawei:katyusha-al00a:-:*:*:*:*:*:*:*

Configuration 18 [-]

AND
cpe:2.3:o:huawei:katyusha-al10a_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:huawei:katyusha-al10a:-:*:*:*:*:*:*:*

Configuration 19 [-]

AND
cpe:2.3:o:huawei:madrid-al00a_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:huawei:madrid-al00a:-:*:*:*:*:*:*:*

Configuration 20 [-]

AND
cpe:2.3:o:huawei:paris-l29b_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:huawei:paris-l29b:-:*:*:*:*:*:*:*

Configuration 21 [-]

AND
cpe:2.3:o:huawei:princeton-al10b_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:huawei:princeton-al10b:-:*:*:*:*:*:*:*

Configuration 22 [-]

AND
cpe:2.3:o:huawei:sydney-al00_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:huawei:sydney-al00:-:*:*:*:*:*:*:*

Configuration 23 [-]

AND
cpe:2.3:o:huawei:sydney-tl00_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:huawei:sydney-tl00:-:*:*:*:*:*:*:*

Configuration 24 [-]

AND
cpe:2.3:o:huawei:sydneym-al00_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:huawei:sydneym-al00:-:*:*:*:*:*:*:*

Configuration 25 [-]

AND
cpe:2.3:o:huawei:tony-al00b_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:huawei:tony-al00b:-:*:*:*:*:*:*:*

Configuration 26 [-]

AND
cpe:2.3:o:huawei:tony-tl00b_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:huawei:tony-tl00b:-:*:*:*:*:*:*:*

Configuration 27 [-]

AND
cpe:2.3:o:huawei:yale-al00a_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:huawei:yale-al00a:-:*:*:*:*:*:*:*

Configuration 28 [-]

AND
cpe:2.3:o:huawei:yale-l21a_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:huawei:yale-l21a:-:*:*:*:*:*:*:*

Configuration 29 [-]

AND
cpe:2.3:o:huawei:yalep-al10b_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:huawei:yalep-al10b:-:*:*:*:*:*:*:*

Configuration 30 [-]

AND
cpe:2.3:o:huawei:columbia-l29d_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:huawei:columbia-l29d:-:*:*:*:*:*:*:*

Configuration 31 [-]

AND
cpe:2.3:o:huawei:honor_20_pro_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:huawei:honor_20_pro:-:*:*:*:*:*:*:*

Configuration 32 [-]

AND
cpe:2.3:o:huawei:y6_2019_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:huawei:y6_2019:-:*:*:*:*:*:*:*

Configuration 33 [-]

AND
cpe:2.3:o:huawei:y6_2019_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:huawei:y6_2019:-:*:*:*:*:*:*:*

Configuration 34 [-]

AND
cpe:2.3:o:huawei:y6_2019_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:huawei:y6_2019:-:*:*:*:*:*:*:*

Configuration 35 [-]

AND
cpe:2.3:o:huawei:honor_8a_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:huawei:honor_8a:-:*:*:*:*:*:*:*

Configuration 36 [-]

AND
cpe:2.3:o:huawei:honor_8a_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:huawei:honor_8a:-:*:*:*:*:*:*:*

Configuration 37 [-]

AND
cpe:2.3:o:huawei:honor_8a_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:huawei:honor_8a:-:*:*:*:*:*:*:*

Configuration 38 [-]

AND
cpe:2.3:o:huawei:honor_view_20_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:huawei:honor_view_20:-:*:*:*:*:*:*:*

Configuration 39 [-]

AND
cpe:2.3:o:huawei:honor_view_20_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:huawei:honor_view_20:-:*:*:*:*:*:*:*

No data.

References
Link Providers
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200527-01-mtk-en cve-icon cve-icon
https://source.android.com/security/bulletin/2020-03-01 cve-icon cve-icon
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-0069 cve-icon
History

Wed, 22 Oct 2025 00:30:00 +0000

Type Values Removed Values Added
References

Tue, 21 Oct 2025 20:30:00 +0000

Type Values Removed Values Added
References

Tue, 21 Oct 2025 19:30:00 +0000

Type Values Removed Values Added
References

Fri, 07 Feb 2025 13:15:00 +0000

Type Values Removed Values Added
Metrics kev

{'dateAdded': '2021-11-03'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'active', 'Technical Impact': 'total'}, 'version': '2.0.3'}
cve-icon MITRE

Status: PUBLISHED

Assigner: google_android

Published: 2020-03-10T19:56:37.000Z

Updated: 2025-10-21T23:35:49.217Z

Reserved: 2019-10-17T00:00:00.000Z

Link: CVE-2020-0069

cve-icon Vulnrichment

Updated: 2024-08-04T05:47:40.759Z

cve-icon NVD

Status : Modified

Published: 2020-03-10T20:15:21.947

Modified: 2025-10-22T00:16:51.270

Link: CVE-2020-0069

cve-icon Redhat

No data.