Security News > 2020 > March > Google fixes MediaTek bug in Android March patches

Google fixes MediaTek bug in Android March patches
2020-03-04 11:40

Google published patches for over 70 software vulnerabilities in its Android security bulletin this month, finally fixing a security exploit for MediaTek chipsets said to have been in the wild for months, affecting millions of devices.

Google classifies CVE-2020-0069 as an elevation of privilege bug in MediaTek's command queue driver, and only gives it a high severity ranking in its bulletin.

The bug allows an attacker to get root access to an Android device without unlocking the bootloader, XDA-Developers said, by copying a script to their device and executing it in a shell.

The only critical flaws in the 2020-03-05 patch group were in closed source components from chip vendor Qualcomm, which accounted for 48 of the bugs in the Android bulletin overall.

A buffer overflow bug in Qualcomm's video processing is remotely exploitable, as is a Bluetooth bug.


News URL

https://nakedsecurity.sophos.com/2020/03/04/google-fixes-mediatek-bug-in-android-march-patches/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2020-03-10 CVE-2020-0069 Out-of-bounds Write vulnerability in multiple products
In the ioctl handlers of the Mediatek Command Queue driver, there is a possible out of bounds write due to insufficient input sanitization and missing SELinux restrictions.
local
low complexity
google huawei CWE-787
7.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Google 102 256 4320 4678 741 9995
Mediatek 56 0 39 45 13 97