CVE-2020-0069

Name of the Vulnerable Software and Affected Versions Android kernel

Description The issue is related to the Mediatek Command Queue driver in Android operating systems, specifically a possible out of bounds write due to insufficient input sanitization and missing SELinux restrictions. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Millions of Android devices are potentially affected.

Recommendations For Android kernel, consider applying the security patch from the Android Security bulletin to fix the issue. As a temporary workaround, restrict access to the ioctl handlers of the Mediatek Command Queue driver to minimize the risk of exploitation. Avoid using the vulnerable Mediatek Command Queue driver until the issue is resolved.