CVE-2020-0069
Mediatek Multiple Chipsets Insufficient Input Validation Vulnerability
CVSS
—
No CVSS
EPSS
1.3%
p67
KEV
YES
Nov 3, 2021
Exploit Today
70
0-100
Published: — · Last modified: —
Product
MediaTek / Multiple Chipsets
Vulnerability
Mediatek Multiple Chipsets Insufficient Input Validation Vulnerability
Added to KEV
Nov 3, 2021
Remediate by
May 3, 2022
Known ransomware use
No
Summary description
Multiple MediaTek chipsets contain an insufficient input validation vulnerability and have missing SELinux restrictions in the Command Queue drivers ioctl handlers. This causes an out-of-bounds write leading to privilege escalation. This vulnerability was observed chained with CVE-2019-2215 and CVE-2020-0041 under exploit chain "AbstractEmu."
Required action
Apply updates per vendor instructions.
Notes
https://nvd.nist.gov/vuln/detail/CVE-2020-0069
No related CVEs by CWE or product.