Main Vulnerability Database Exploits ID:9277 - Exploit for Out-of-bounds write in Google Android - CVE-2020-0069

ID:9277 - Exploit for Out-of-bounds write in Google Android - CVE-2020-0069

Published: September 4, 2023

Vulnerability identifier: #VU34793

Vulnerability risk: Low

CVE-ID: CVE-2020-0069

CWE-ID: CWE-787

Exploitation vector: Local access

Vulnerable software:
Google Android

Link to public exploit:

https://github.com/0xf15h/mtk_su

Vulnerability description

The vulnerability allows a local authenticated user to execute arbitrary code.

In the ioctl handlers of the Mediatek Command Queue driver, there is a possible out of bounds write due to insufficient input sanitization and missing SELinux restrictions. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-147882143References: M-ALPS04356754

Remediation

Install update from vendor's website.

ID:9277 - Exploit for Out-of-bounds write in Google Android - CVE-2020-0069

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human