
Multiple vulnerabilities in Google Android



Published: 2020-02-14 | Updated: 2020-02-17
Severity: High
Patch available: YES
Number of vulnerabilities: 14
CVE ID: CVE-2020-0021, CVE-2020-0020, CVE-2020-0018, CVE-2020-0017, CVE-2019-2200, CVE-2020-0015, CVE-2020-0014, CVE-2020-0028, CVE-2020-0027, CVE-2020-0026, CVE-2020-0023, CVE-2020-0022, CVE-2020-0005, CVE-2020-0030
CWE ID: CWE-20, CWE-125, CWE-200, CWE-264, CWE-787, CWE-416, CWE-362
Exploitation vector: Network
Public exploit: N/A
Vulnerable software: Google Android (Operating systems & Components / Operating system)
Vendor: Google, Inc.

Security Advisory

Updated 17.02.2020
Added vulnerability #14

1) Input validation error

Severity: Medium

CVSSv3: 6.5 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2020-0021

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists within the Framework functionality of Android due to a missing package dependency test in "removeUnusedPackagesLPw" of "PackageManagerService.java". A remote attacker can cause a denial of service condition on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Google Android: 10.0

External links

https://source.android.com/security/bulletin/2020-02-01
https://android.googlesource.com/platform/frameworks/base/+/859ead528cd09f6fdf3a85df390745054058d12c
https://android.googlesource.com/platform/frameworks/base/+/fab928923c8255626049e6f459105d2e4c715384
https://android.googlesource.com/platform/frameworks/base/+/f5a3d382a97ef26fefbd15cd02c9993e77f7b813

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Out-of-bounds read

Severity: Low

CVSSv3: 5.4 [CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2020-0020

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a local attacker to gain access to potentially sensitive information.

The vulnerability exists within the Framework functionality of Android due to a boundary condition in "getAttributeRange" of "ExifInterface.java" when the vulnerable software fails to redact location information from media files. A local attacker can trigger an out-of-bounds read error and read contents of memory on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Google Android: 10.0

External links

https://source.android.com/security/bulletin/2020-02-01
https://android.googlesource.com/platform/frameworks/base/+/aa68a4f19e6a122b80ca1bcff57228dc795081e5

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Information disclosure

Severity: Low

CVSSv3: 5.4 [CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2020-0018

CWE-ID: CWE-200 - Information Exposure

Exploit availability: No

Description

The vulnerability allows a local attacker to gain access to potentially sensitive information.

The vulnerability exists within the Framework functionality of Android due to an error in "MotionEntry::appendDescription" of "InputDispatcher.cpp". A local attacker can gain unauthorized access to sensitive information on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Google Android: 8.0, 8.1, 9.0, 10.0

External links

https://source.android.com/security/bulletin/2020-02-01
https://android.googlesource.com/platform/frameworks/native/+/7fb8682cbf494e3f1d5c79ebfbd9b020e1191679

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Information disclosure

Severity: Low

CVSSv3: 4.8 [CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2020-0017

CWE-ID: CWE-200 - Information Exposure

Exploit availability: No

Description

The vulnerability allows a local attacker to gain access to potentially sensitive information.

The vulnerability exists within the Framework functionality of Android because the primary user's dictionary can be visible to and modifiable by secondary users in multiple places. A local attacker can gain unauthorized access to sensitive information on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Google Android: 8.0, 8.1, 9.0, 10.0

External links

https://source.android.com/security/bulletin/2020-02-01
https://android.googlesource.com/platform/frameworks/base/+/721e4d085ca3d1dc5826c0ba71615529f544d7f7
https://android.googlesource.com/platform/frameworks/base/+/ea4bce75cfebd7cef90b1e483d752b252f09333c

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Permissions, Privileges, and Access Controls

Severity: Low

CVSSv3: 6.8 [CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2019-2200

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local attacker to escalate privileges on the system.

The vulnerability exists due to a permission bypass in "updatePermissions" of "PermissionManagerService.java". A local attacker can use a malicious app to obtain a custom permission from another app and gain elevated privileges on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Google Android: 10.0

External links

https://source.android.com/security/bulletin/2020-02-01
https://android.googlesource.com/platform/frameworks/base/+/aa2ffea8baea65c13ac2b841b3d581f28261dd2b

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Permissions, Privileges, and Access Controls

Severity: Low

CVSSv3: 6.8 [CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2020-0015

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local attacker to escalate privileges on the system.

The vulnerability exists within the Framework functionality of Android because a malicious application can overlay the Certificate Installation dialog in "onCreate" of "CertInstaller.java". A local attacker can gain elevated privileges on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Google Android: 8.0, 8.1, 9.0, 10.0

External links

https://source.android.com/security/bulletin/2020-02-01
https://android.googlesource.com/platform/packages/apps/CertInstaller/+/bdf1dc655cf226d10077e0926049bac0aed0127e

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Permissions, Privileges, and Access Controls

Severity: Low

CVSSv3: 6.8 [CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2020-0014

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local attacker to escalate privileges on the system.

The vulnerability exists within the Framework functionality of Android because a malicious application can construct a TYPE_TOAST window manually and make that window clickable. A local attacker can gain elevated privileges on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Google Android: 8.0, 8.1, 9.0, 10.0

External links

https://source.android.com/security/bulletin/2020-02-01
https://android.googlesource.com/platform/frameworks/base/+/d885c3279f3fecb2c08e382c733a440113dae644

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Information disclosure

Severity: Medium

CVSSv3: 5.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2020-0028

CWE-ID: CWE-200 - Information Exposure

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists within the System functionality of Android due to a possible bypass of private DNS settings in "notifyNetworkTested" and related functions of "NetworkMonitor.java". A remote attacker can gain unauthorized access to sensitive information on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Google Android: 9.0

External links

https://source.android.com/security/bulletin/2020-02-01
https://android.googlesource.com/platform/frameworks/base/+/0929eb918071c1e76fd41b677af0973412f8a098
https://android.googlesource.com/platform/frameworks/base/+/b66ddb8e5d08324ab3fc068861cd029a8ffba1b8

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Out-of-bounds write

Severity: High

CVSSv3: 7.1 [CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2020-0027

CWE-ID: CWE-787 - Out-of-bounds Write

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise a vulnerable system.

The vulnerability exists within the System functionality of Android due to an unexpected switch fallthrough in "HidRawSensor::batch" of "HidRawSensor.cpp". A remote attacker can trigger an out-of-bounds write and execute arbitrary code on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Google Android: 8.0, 8.1, 9.0, 10.0

External links

https://source.android.com/security/bulletin/2020-02-01
https://android.googlesource.com/platform/hardware/libhardware/+/2526448930008792615f8b8a718ad09f19390025

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Use-after-free

Severity: High

CVSSv3: 8.5 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2020-0026

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise a vulnerable system.

The vulnerability exists within the System functionality of Android due to a use-after-free error in "Parcel::continueWrite" of "Parcel.cpp". A remote attacker can gain elevated privileges on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Google Android: 8.0, 8.1, 9.0, 10.0

External links

https://source.android.com/security/bulletin/2020-02-01
https://android.googlesource.com/platform/frameworks/native/+/daf29a6dbfafc6c06654a3878c0ad2a7f8ebc063

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Information disclosure

Severity: Medium

CVSSv3: 6.5 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2020-0023

CWE-ID: CWE-200 - Information Exposure

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists within the System functionality of Android due to a missing permission check in "setPhonebookAccessPermission" of "AdapterService.java". A remote attacker can gain unauthorized access to sensitive information if a malicious app enables contacts over Bluetooth.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Google Android: 10.0

External links

https://source.android.com/security/bulletin/2020-02-01
https://android.googlesource.com/platform/packages/apps/Bluetooth/+/0d8307f408f166862fbd6efb593c4d65...

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Out-of-bounds write

Severity: High

CVSSv3: 7.1 [CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2020-0022

CWE-ID: CWE-787 - Out-of-bounds Write

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise a vulnerable system.

The vulnerability exists within the System functionality of Android due to a boundary error when processing untrusted input in "reassemble_and_dispatch" of "packet_fragmenter.cc". A remote attacker can trigger an out-of-bounds write and execute arbitrary code over Bluetooth on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Google Android: 8.0, 8.1, 9.0, 10.0

External links

https://source.android.com/security/bulletin/2020-02-01
https://android.googlesource.com/platform/system/bt/+/3cb7149d8fed2d7d77ceaa95bf845224c4db3baf

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Out-of-bounds write

Severity: High

CVSSv3: 7.1 [CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2020-0005

CWE-ID: CWE-787 - Out-of-bounds Write

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise a vulnerable system.

The vulnerability exists within the System functionality of Android due to a boundary error when processing untrusted input in "btm_read_remote_ext_features_complete" of "btm_acl.cc". A remote attacker can trigger an out-of-bounds write and execute arbitrary code on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Google Android: 8.0, 8.1, 9.0, 10.0

External links

https://source.android.com/security/bulletin/2020-02-01
https://android.googlesource.com/platform/system/bt/+/771571f69ab9498e9104db3c5c367f1def0a5146

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Race condition

Severity: Low

CVSSv3: 7.3 [CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2020-0030

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local attacker to escalate privileges on the system.

The vulnerability exists within the "Binder driver" component of Android due to a race condition in "binder_thread_release" of "binder.c". A local attacker can use a specially crafted file to exploit the race, trigger a use-after-free error and execute arbitrary code with elevated privileges on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Google Android: -

External links

https://source.android.com/security/bulletin/2020-02-01
https://android.googlesource.com/kernel/common/+/5eeb2ca0

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.