CISA Known Exploited Vulnerability

This vulnerability is actively exploited in the wild and listed in the CISA Known Exploited Vulnerabilities catalog.

Remediation Deadline: May 3, 2022

CVE-2020-0069

High

EPSS 0.7%CISA KEV

MediaTek/Multiple Chipsets

Description

Multiple MediaTek chipsets contain an insufficient input validation vulnerability and have missing SELinux restrictions in the Command Queue drivers ioctl handlers. This causes an out-of-bounds write leading to privilege escalation. This vulnerability was observed chained with CVE-2019-2215 and CVE-2020-0041 under exploit chain "AbstractEmu."

EPSS — Exploit Probability

0.7%

Higher than 71.9% of all CVEs

Required Action

https://nvd.nist.gov/vuln/detail/CVE-2020-0069

Risk Assessment

ELEVATED

In CISA KEV

Details

Severity: High
EPSS: 0.7%
CISA KEV: Yes
Ransomware: Unknown
Articles: 0

Timeline

Published

Nov 3, 2021

Added to KEV

Nov 3, 2021

Remediation Due

May 3, 2022

Affected Product

MediaTek

Multiple Chipsets

View all MediaTek CVEs

External Links

NVD (NIST)CVE Details MITRE CVE