7.2
CVSSv2

CVE-2020-0069

Published: 10/03/2020 Updated: 11/03/2020
CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

Google Android could allow a remote malicious user to gain elevated privileges on the system, caused by a flaw in the Mediatek Command Queue driver. By persuading a victim to open a specially crafted content, an attacker could exploit this vulnerability to gain root access to the system.

Vulnerability Trend

Affected Products

Vendor Product Versions
GoogleAndroid-

Github Repositories

Automated Root Script for MTK ARM64 based chipsets based on diplomatic's CVE-2020-0069 (mtk-su) exploit.

No description, website, or topics provided.

Recent Articles

Android users, if you could pause your COVID-19 panic buying for one minute to install these critical security fixes, that would be great
The Register • Shaun Nichols in San Francisco • 05 Mar 2020

MediaTek chipset flaw already exploited in the wild

Google has emitted its latest monthly batch of Android security fixes, addressing a total of 70 CVE-listed vulnerabilities.
The March update includes 17 patches for flaws described as critical remote code execution holes, though only one is actually documented due to the other 16 residing in closed-source Qualcomm components.
The documented flaw, CVE-2020-0032, lies within the open-source Android media framework that can be exploited by opening a booby-trapped file that Google is dis...

MediaTek Bug Actively Exploited, Affects Millions of Android Devices
Threatpost • Tara Seals • 03 Mar 2020

Google has addressed a high-severity flaw in MediaTek’s Command Queue driver that developers said affects millions of devices – and which has an exploit already circulating in the wild.
Also in its March 2020 Android Security bulletin, issued this week, Google disclosed and patched a critical security vulnerability in the Android media framework, which could enable remote code execution within the context of a privileged process.
The critical bug (CVE-2020-0032) can be exploited ...