CVE-2020-0069

7.8 HIGH

📋 TL;DR

CVE-2020-0069 is a local privilege escalation vulnerability in MediaTek Command Queue driver ioctl handlers on Android devices. It allows attackers to execute arbitrary code with kernel privileges due to insufficient input validation and missing SELinux restrictions. This affects Android devices with MediaTek chipsets running vulnerable kernel versions.

💻 Affected Systems

Products:
  • Android devices with MediaTek chipsets
Versions: Android kernel versions before the March 2020 security patch
Operating Systems: Android
Default Config Vulnerable: ⚠️ Yes
Notes: Specifically affects MediaTek Command Queue driver in Android kernel. Huawei devices are confirmed affected per their advisory.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete device compromise allowing attackers to install persistent malware, access all user data, and control device functions.

🟠 Likely Case

Local privilege escalation allowing malware to gain kernel-level access and bypass security controls.

🟢 If Mitigated

Limited impact with proper SELinux policies and kernel hardening in place.

🌐 Internet-Facing: LOW - This is a local privilege escalation requiring local access.
🏢 Internal Only: HIGH - Malicious apps or users with physical access can exploit this without user interaction.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires local access but no user interaction. CISA lists this as a known exploited vulnerability.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Android security patch level March 2020 or later

Vendor Advisory: https://source.android.com/security/bulletin/2020-03-01

Restart Required: Yes

Instructions:

1. Apply the March 2020 Android security patch.
2. Update device firmware through manufacturer channels.
3. For Huawei devices, follow the Huawei SA-20200527-01 advisory.

🔧 Temporary Workarounds

SELinux Policy Hardening

Implement stricter SELinux policies to restrict ioctl access to MediaTek drivers

# Requires custom SELinux policy modifications
# Not recommended for general users

🧯 If You Can't Patch

  • Restrict physical access to devices and implement application whitelisting
  • Monitor for suspicious kernel module loading and ioctl system calls

🔍 How to Verify

Check if Vulnerable:

Check the Android security patch level: Settings > About phone > Android security patch level. If it is earlier than March 2020, the device is vulnerable.

Check Version:

adb shell getprop ro.build.version.security_patch

Verify Fix Applied:

Verify Android security patch level is March 2020 or later. Check kernel version for MediaTek driver updates.

📡 Detection & Monitoring

Log Indicators:

  • Unusual ioctl calls to /dev/mtk-cmdq
  • Kernel panic or crashes related to MediaTek drivers
  • SELinux denials for mtk-cmdq operations

Network Indicators:

  • Not applicable - local exploit only

SIEM Query:

source="android_kernel" AND ("mtk-cmdq" OR "CVE-2020-0069")
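
The SELinux-denial indicator listed above can be triaged with a short script. This is an added example, not part of the original advisory: it reads kernel/audit log lines and counts denied ioctl calls on /dev/mtk-cmdq per source domain and ioctl command. The sample lines are constructed, and their PIDs, ioctlcmd values and the `example_cmdq_device` label are placeholders.

```shell
#!/usr/bin/env bash
# Added example: summarize SELinux AVC denials for ioctl on /dev/mtk-cmdq.

# Constructed sample lines in the standard "avc: denied" layout.
# PIDs, inodes, ioctlcmd values and SELinux labels are made up.
SAMPLE_LOG='type=1400 audit(0.0:1): avc: denied { ioctl } for pid=1001 comm="example.app" path="/dev/mtk-cmdq" dev="tmpfs" ino=100 ioctlcmd=0x0001 scontext=u:r:untrusted_app:s0:c1,c2 tcontext=u:object_r:example_cmdq_device:s0 tclass=chr_file permissive=0
type=1400 audit(0.0:2): avc: denied { ioctl } for pid=1001 comm="example.app" path="/dev/mtk-cmdq" dev="tmpfs" ino=100 ioctlcmd=0x0001 scontext=u:r:untrusted_app:s0:c1,c2 tcontext=u:object_r:example_cmdq_device:s0 tclass=chr_file permissive=0
type=1400 audit(0.0:3): avc: denied { ioctl } for pid=1002 comm="sh" path="/dev/mtk-cmdq" dev="tmpfs" ino=100 ioctlcmd=0x0002 scontext=u:r:shell:s0 tcontext=u:object_r:example_cmdq_device:s0 tclass=chr_file permissive=0
type=1400 audit(0.0:4): avc: denied { read } for pid=1001 comm="example.app" path="/dev/mtk-cmdq" dev="tmpfs" ino=100 scontext=u:r:untrusted_app:s0:c1,c2 tcontext=u:object_r:example_cmdq_device:s0 tclass=chr_file permissive=0
type=1400 audit(0.0:5): avc: denied { ioctl } for pid=1003 comm="example.app" path="/dev/example-other" dev="tmpfs" ino=101 ioctlcmd=0x0003 scontext=u:r:untrusted_app:s0:c1,c2 tcontext=u:object_r:device:s0 tclass=chr_file permissive=0'

# Read log lines on stdin and print "count source_domain ioctlcmd",
# highest count first, for every denied ioctl on a character device
# whose path contains mtk-cmdq. Other denials are ignored.
summarize_mtk_cmdq_denials() {
  awk '
    /avc: +denied/ && /[{][^}]* ioctl [^}]*[}]/ &&
    /tclass=chr_file/ && /path="[^"]*mtk-cmdq[^"]*"/ {
      dom = "unknown"; cmd = "unknown"
      for (i = 1; i <= NF; i++) {
        # scontext=u:r:<domain>:s0... -> third colon-separated part
        if ($i ~ /^scontext=/) { split($i, c, ":"); dom = c[3] }
        # ioctlcmd=<value> -> keep the value after the "=" sign
        if ($i ~ /^ioctlcmd=/) { cmd = substr($i, 10) }
      }
      n[dom " " cmd]++
    }
    END { for (k in n) print n[k], k }
  ' | sort -k1,1nr -k2
}

# Stand-alone run over the constructed sample.
printf '%s\n' "$SAMPLE_LOG" | summarize_mtk_cmdq_denials
```

On a device, the same function can be fed from `adb shell dmesg` or `adb logcat -d` output instead of the sample.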
