In the ioctl handlers of the Mediatek Command Queue driver, there is a possible out of bounds write due to insufficient input sanitization and missing SELinux restrictions. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-147882143References: M-ALPS04356754
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
google android - |
MediaTek chipset flaw already exploited in the wild Android owners – you'll want to get these latest security patches, especially for this nasty Bluetooth hijack flaw
Google has emitted its latest monthly batch of Android security fixes, addressing a total of 70 CVE-listed vulnerabilities. The March update includes 17 patches for flaws described as critical remote code execution holes, though only one is actually documented due to the other 16 residing in closed-source Qualcomm components. The documented flaw, CVE-2020-0032, lies within the open-source Android media framework that can be exploited by opening a booby-trapped file that Google is disturbingly va...