In the ioctl handlers of the Mediatek Command Queue driver, there is a possible out of bounds write due to insufficient input sanitization and missing SELinux restrictions. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-147882143References: M-ALPS04356754
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HGoogle Android
OSGooglewszystkie wersjeHuawei Berkeley L09
HWHuaweiwszystkie wersjeHuawei Berkeley L09 Firmware
OSHuawei< 10.0.0.177\(c10e3r1p4\)Huawei Columbia Al10b
HWHuaweiwszystkie wersjeHuawei Columbia Al10b Firmware
OSHuawei< 10.0.0.178\(c00e178r1p4\)Huawei Columbia L29d
HWHuaweiwszystkie wersjeHuawei Columbia L29d Firmware
OSHuawei< 10.0.0.177\(c10e4r1p4\)< 10.0.0.177\(c432e3r1p4\)Huawei Columbia Tl00b
HWHuaweiwszystkie wersjeHuawei Columbia Tl00b Firmware
OSHuawei< 10.0.0.178\(c01e178r1p4\)Huawei Columbia Tl00d
HWHuaweiwszystkie wersjeHuawei Columbia Tl00d Firmware
OSHuawei< 10.0.0.178\(c01e178r1p4\)Huawei Cornell Al00a
HWHuaweiwszystkie wersjeHuawei Cornell Al00a Firmware
OSHuawei< 9.1.0.340\(c00e333r1p1t8\)Huawei Cornell Tl10b
HWHuaweiwszystkie wersjeHuawei Cornell Tl10b Firmware
OSHuawei< 9.1.0.340\(c01e333r1p1t8\)Huawei Dura Al00a
HWHuaweiwszystkie wersjeHuawei Dura Al00a Firmware
OSHuawei< 1.0.0.190\(c00\)Huawei Honor 20 Pro
HWHuaweiwszystkie wersjeHuawei Honor 20 Pro Firmware
OSHuawei< 10.0.0.202\(c10e3r3p2\)< 10.0.0.194\(c636e3r3p1\)Huawei Honor 8a
HWHuaweiwszystkie wersjeHuawei Honor 8a Firmware
OSHuawei< 9.1.0.291\(c432e5r2p1\)< 9.1.0.291\(c636e4r4p1\)< 9.1.0.291\(c185e3r4p1\)< 9.1.0.297\(c605e4r4p2\)Huawei Honor View 20
HWHuaweiwszystkie wersjeHuawei Honor View 20 Firmware
OSHuawei< 10.0.0.201\(c10e5r4p3\)< 10.0.0.198\(c432e10r3p4\)< 10.0.0.200\(c185e3r3p3\)Huawei Jakarta Al00a
HWHuaweiwszystkie wersjeHuawei Jakarta Al00a Firmware
OSHuawei< 9.1.0.251\(c00e106r2p2\)Huawei Katyusha Al00a
HWHuaweiwszystkie wersjeHuawei Katyusha Al00a Firmware
OSHuawei< 9.1.0.146\(c00e131r2p2\)Huawei Katyusha Al10a
HWHuaweiwszystkie wersjeHuawei Katyusha Al10a Firmware
OSHuawei< 9.1.0.160\(c00e150r1p7\)Huawei Madrid Al00a
HWHuaweiwszystkie wersje
CISA KEV — detailsi
- Vendori
- MediaTek
- Producti
- Multiple Chipsets
- Added to KEVi
- November 3, 2021
- Remediation deadline (US Federal)i
- May 3, 2022(overdue)
Apply updates per vendor instructions.
Multiple MediaTek chipsets contain an insufficient input validation vulnerability and have missing SELinux restrictions in the Command Queue drivers ioctl handlers. This causes an out-of-bounds write leading to privilege escalation. This vulnerability was observed chained with CVE-2019-2215 and CVE-2020-0041 under exploit chain "AbstractEmu."
Related vulnerabilities
Heap buffer overflow in UI in Google Chrome on Android prior to 86.0.4240.185 allowed a remote attacker who ha...
Adobe Flash Player 21.0.0.197 and earlier allows remote attackers to cause a denial of service (application cr...
Insufficient validation of untrusted input in WebAppInstalls in Google Chrome on Android prior to 150.0.7871.4...
Insufficient validation of untrusted input in WebAppInstalls in Google Chrome on Android prior to 150.0.7871.4...
Insufficient validation of untrusted input in Text in Google Chrome on Android prior to 150.0.7871.47 allowed ...