Cyber Resilience

CVE-2020-0069

HighCISA KEVActive ExploitationEUVD Exploited

Published: 10 March 2020

Published
10 March 2020
Modified
23 October 2025
KEV Added
03 November 2021
Patch
CVSS Score v3.1 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0077 73.9th percentile
Risk Priority 36 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2020-0069 is a high-severity Out-of-bounds Write (CWE-787) vulnerability in Huawei Y6 2019 Firmware. Its CVSS base score is 7.8 (High).

Operationally, ranked in the top 26.1% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-10 (Information Input Validation).

Deeper analysis

The vulnerability is an out-of-bounds write in the ioctl handlers of the Mediatek Command Queue driver within the Android kernel. It stems from insufficient input sanitization combined with missing SELinux restrictions and is tracked under Android ID A-147882143 and CWE-787. The issue affects Android devices using the Mediatek kernel components and carries a CVSS 3.1 score of 7.8.

A local attacker with low privileges can invoke the affected ioctl interfaces to corrupt kernel memory, achieving escalation of privilege to higher levels without requiring user interaction or additional execution rights. This allows full compromise of the kernel's confidentiality, integrity, and availability on the device.

Android security bulletins from March 2020 and related Huawei advisories address the flaw through kernel patches that enforce proper input validation and SELinux policy restrictions. The vulnerability appears in CISA's catalog of known exploited vulnerabilities, confirming observed in-the-wild use.

EU & UK References

Vulnerability details

In the ioctl handlers of the Mediatek Command Queue driver, there is a possible out of bounds write due to insufficient input sanitization and missing SELinux restrictions. This could lead to local escalation of privilege with no additional execution privileges…

more

needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-147882143References: M-ALPS04356754

CWE(s)
KEV Date Added
03 November 2021

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

google
android
all versions
huawei
berkeley-l09 firmware
≤ 10.0.0.177\(c10e3r1p4\)
huawei
columbia-al10b firmware
≤ 10.0.0.178\(c00e178r1p4\)
huawei
columbia-l29d firmware
≤ 10.0.0.177\(c10e4r1p4\) · ≤ 10.0.0.177\(c432e3r1p4\)
huawei
columbia-tl00b firmware
≤ 10.0.0.178\(c01e178r1p4\)
huawei
columbia-tl00d firmware
≤ 10.0.0.178\(c01e178r1p4\)
huawei
cornell-al00a firmware
≤ 9.1.0.340\(c00e333r1p1t8\)
huawei
cornell-tl10b firmware
≤ 9.1.0.340\(c01e333r1p1t8\)
huawei
dura-al00a firmware
≤ 1.0.0.190\(c00\)
huawei
honor 20 pro firmware
≤ 10.0.0.194\(c636e3r3p1\) · ≤ 10.0.0.202\(c10e3r3p2\)
+19 more product configuration(s) — see NVD for full list

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly requires validation of inputs to ioctl interfaces, eliminating the insufficient sanitization root cause of the out-of-bounds write.

prevent

Enforces SELinux mandatory access controls on kernel driver entry points, blocking the unauthorized ioctl access that enables privilege escalation.

prevent

Applies memory-protection mechanisms that limit the ability of a successful out-of-bounds write to corrupt kernel memory and escalate privileges.

References