LIVE NEWSROOM · --:-- · May 25, 2026
A LIBRARY FOR SECURITY RESEARCHERS

CVE DATABASE  /  CVE-2020-0069

CVE-2020-0069

Mediatek Multiple Chipsets Insufficient Input Validation Vulnerability

CVSS 7.8 · HIGH ⚠ CISA KEV — ACTIVELY EXPLOITED
On the CISA KEV catalog

Confirmed exploited in the wild. Added 2021-11-03. Federal remediation due 2022-05-03.
Required action: Apply updates per vendor instructions.

Summary

In the ioctl handlers of the Mediatek Command Queue driver, there is a possible out of bounds write due to insufficient input sanitization and missing SELinux restrictions. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-147882143References: M-ALPS04356754

CVSS 3.1 breakdown

Base score7.8 (HIGH)
VectorCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack vectorLOCAL
Attack complexityLOW
Privileges requiredLOW
User interactionNONE
ScopeUNCHANGED
ConfidentialityHIGH
IntegrityHIGH
AvailabilityHIGH

Weakness type (CWE)

Affected products

Google androidHuawei berkeley-l09 firmwareHuawei berkeley-l09Huawei columbia-al10b firmwareHuawei columbia-al10bHuawei columbia-l29d firmwareHuawei columbia-l29dHuawei columbia-tl00b firmwareHuawei columbia-tl00bHuawei columbia-tl00d firmwareHuawei columbia-tl00dHuawei cornell-al00a firmwareHuawei cornell-al00aHuawei cornell-tl10b firmwareHuawei cornell-tl10bHuawei dura-al00a firmwareHuawei dura-al00aHuawei honor 20 pro firmwareHuawei honor 20 proHuawei y6 2019 firmware
Check this CVE live

Use our free CVE Lookup tool for the latest NVD record, or browse the full CISA KEV catalog.

References

Data: NIST NVD + CISA KEV. NVD last modified 2025-10-23. Always verify against the vendor advisory before acting.

Scroll to Top