CVE-2020-0069 — Mediatek Multiple Chipsets Insufficient Input Validation Vulnerability
2021-11-03 • CISA Known Exploited Vulnerability
[event] Multiple MediaTek chipsets contain an insufficient input validation vulnerability and have missing SELinux restrictions in the Command Queue drivers ioctl handlers. This causes an out-of-bounds write leading to privilege escalation. This vulnerability was observed chained with CVE-2019-2215 and CVE-2020-0041 under exploit chain "AbstractEmu."
> AFFECTED SOFTWARE
| Field | Value |
|---|---|
| Vendor | MediaTek |
| Product | Multiple Chipsets |
| CWE | CWE-787 |
| CVE ID | CVE-2020-0069 |
| Date Added | 2021-11-03 |
| Due Date | 2022-05-03 |
| Ransomware Campaign | Unknown |
> MITIGATION
Apply updates per vendor instructions.
Due Date: 2022-05-03