Multiple vulnerabilities in Google Android
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 15 |
| CVE-ID | CVE-2020-0096 CVE-2020-0097 CVE-2020-0098 CVE-2020-0094 CVE-2020-0100 CVE-2020-0093 CVE-2020-0101 CVE-2020-0105 CVE-2020-0109 CVE-2020-0102 CVE-2020-0092 CVE-2020-0104 CVE-2020-0106 CVE-2020-0024 CVE-2020-0103 |
| CWE-ID | CWE-264 CWE-787 CWE-125 CWE-200 CWE-276 CWE-119 |
| Exploitation vector | Network |
| Public exploit | Public exploit code for vulnerability #1 is available. |
| Vulnerable software Subscribe |
Google Android Operating systems & Components / Operating system |
| Vendor |
Security Bulletin
This security bulletin contains information about 15 vulnerabilities.
Updated 27.05.2020
Added vulnerabilities #4-15
1) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU28267
Risk: Low
CVSSv3.1: 7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2020-0096
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: Yes
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists within the Framework functionality of Android due to a confused deputy in startActivities of "ActivityStartController.java". A local user can gain elevated privileges on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsGoogle Android: 8.0 - 9.0
External linkshttp://source.android.com/security/bulletin/2020-05-01
http://android.googlesource.com/platform/frameworks/base/+/a952197bd161ac0e03abc6acb5f48e4ec2a56e9d
http://android.googlesource.com/platform/frameworks/base/+/7fc95f204527ee079c5891d56c969668f0b35a0b
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
2) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU28268
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-0097
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to escalate privileges on the system.
The vulnerability exists within the Framework functionality of Android due to a missing condition for system apps in various methods of "PackageManagerService.java". A local user can gain elevated privileges on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsGoogle Android: 9.0 - 10
External linkshttp://source.android.com/security/bulletin/2020-05-01
http://android.googlesource.com/platform/frameworks/base/+/8d0ae5c65cbcd72a820215eaeb50fcbc0dc531a8
http://android.googlesource.com/platform/frameworks/base/+/f98e1086f5a039d98becf7203367b663e72d09f5
http://android.googlesource.com/platform/frameworks/base/+/058cafe0c1f61e8edd25ba22e2c8e73a43c5d4ad
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU28269
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-0098
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists within the Framework functionality of Android due to a confused deputy in navigateUpToLocked of "ActivityStack.java". A local user can gain elevated privileges on the target system.
Install updates from vendor's website.
Vulnerable software versionsGoogle Android: 8.0 - 10
External linkshttp://source.android.com/security/bulletin/2020-05-01
http://android.googlesource.com/platform/frameworks/base/+/5deb172bf4d9e2b80cda0b8dd5d2b0573e1c86e9
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Out-of-bounds write
EUVDB-ID: #VU28270
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-0094
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a local user to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input within the Media framework functionality in "setImageHeight" and "setImageWidth" of ExifUtils.cpp. A local user can trigger out-of-bounds write and execute arbitrary code on the target system with elevated privileges.
MitigationInstall updates from vendor's website.
Vulnerable software versionsGoogle Android: 9.0 - 10
External linkshttp://source.android.com/security/bulletin/2020-05-01
http://android.googlesource.com/platform/frameworks/av/+/64212a424b4819efb3b6c66e14f6b2b1b1023d4f
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Out-of-bounds read
EUVDB-ID: #VU28272
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-0100
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to incorrect error handling in "onTransact" of "IHDCP.cpp" within the Media framework functionality. A local user can trigger out-of-bounds read error and read contents of memory on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Android: 8.0 - 8.1
External linkshttp://source.android.com/security/bulletin/2020-05-01
http://android.googlesource.com/platform/frameworks/av/+/cf4c5675c2c7ab822ed1ff12350c78575153f3cb
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Out-of-bounds read
EUVDB-ID: #VU28271
Risk: Low
CVSSv3.1: 4.4 [CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-0093
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a missing bounds check in "exif_data_save_data_entry" of "exif-data.c" file within the Media framework functionality. A local user can trigger out-of-bounds read error and read contents of memory on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Android: 8.0 - 10
External linkshttp://lists.debian.org/debian-lts-announce/2020/05/msg00016.html
http://source.android.com/security/bulletin/2020-05-01
http://android.googlesource.com/platform/external/libexif/+/0335ffc17f9b9a4831c242bb08ea92f605fde7a6
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Information disclosure
EUVDB-ID: #VU28273
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-0101
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to uninitialized data in "BnCrypto::onTransact" of "ICrypto.cpp" within the Media framework functionality. A local user can gain unauthorized access to sensitive information on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsGoogle Android: 8.0 - 10
External linkshttp://source.android.com/security/bulletin/2020-05-01
http://android.googlesource.com/platform/frameworks/av/+/63889889c06e95529432177c457d6cdb4fcecac8
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU28278
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-0105
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a missing permission check in "onKeyguardVisibilityChanged" of "key_store_service.cpp" within the System functionality. A local user can gain elevated privileges on the target system, allowing apps to use keyguard-bound keys when the screen is locked.
MitigationInstall updates from vendor's website.
Vulnerable software versionsGoogle Android: 9.0 - 10
External linkshttp://source.android.com/security/bulletin/2020-05-01
http://android.googlesource.com/platform/system/security/+/1642dc003964aed54724d17d840f883f0537cebd
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU28277
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-0109
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a missing permission check in "simulatePackageSuspendBroadcast" of "NotificationManagerService.java" within the System functionality. A local user can create fake system notifications and gain elevated privileges on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsGoogle Android: 9.0 - 10
External linkshttp://source.android.com/security/bulletin/2020-05-01
http://android.googlesource.com/platform/frameworks/base/+/adc39de3a148a2058d63bd7a1b8b71ee0a3524ac
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Out-of-bounds write
EUVDB-ID: #VU28276
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-0102
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a local user to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input in "GattServer::SendResponse" of "gatt_server.cc" within the System functionality. A local user can trigger out-of-bounds write and execute arbitrary code on the target system with elevated privileges.
MitigationInstall updates from vendor's website.
Vulnerable software versionsGoogle Android: 8.0 - 10
External linkshttp://source.android.com/security/bulletin/2020-05-01
http://android.googlesource.com/platform/system/bt/+/6b7373a32e0a0628b497c1fbec5141ca47ef61b5
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Information disclosure
EUVDB-ID: #VU28280
Risk: Low
CVSSv3.1: 4.4 [CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-0092
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a permissions bypass in "setHideSensitive" of "NotificationStackScrollLayout.java" within the System functionality. A local user can gain unauthorized access to sensitive information on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsGoogle Android: 10
External linkshttp://source.android.com/security/bulletin/2020-05-01
http://android.googlesource.com/platform/frameworks/base/+/2a81aed66366c2d38feb7be05d355ff819e60355
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Information disclosure
EUVDB-ID: #VU28282
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-0104
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a logic error in "onShowingStateChanged" of "KeyguardStateMonitor.java" within the System functionality. A local user can gain unauthorized access to sensitive information of keyguard-protected data.
MitigationInstall updates from vendor's website.
Vulnerable software versionsGoogle Android: 9.0 - 10
External linkshttp://source.android.com/security/bulletin/2020-05-01
http://android.googlesource.com/platform/frameworks/base/+/576c4d816c8efe8b9bf7dc88880d8ccde3beacee
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Information disclosure
EUVDB-ID: #VU28281
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-0106
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a missing SDK version check in "getCellLocation" of "PhoneInterfaceManager.java" within the System functionality. A local user can gain unauthorized access to sensitive information on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsGoogle Android: 10
External linkshttp://source.android.com/security/bulletin/2020-05-01
http://android.googlesource.com/platform/packages/services/Telephony/+/460a6de550d7e78ffb3032b92fdb05845c10ef06
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Incorrect default permissions
EUVDB-ID: #VU28279
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-0024
CWE-ID:
CWE-276 - Incorrect Default Permissions
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to escalate privileges on the system.
The vulnerability exists due to incorrect default permissions for files and folders that are set by the application in "onCreate" of "SettingsBaseActivity.java" within the System functionality. A local attacker can view contents of files and directories or modify them.
MitigationInstall updates from vendor's website.
Vulnerable software versionsGoogle Android: 8.0 - 10
External linkshttp://source.android.com/security/bulletin/2020-05-01
http://android.googlesource.com/platform/packages/apps/Settings/+/3c6a3011fa797bc00e5246b04e961847c0e60a1c
http://android.googlesource.com/platform/packages/apps/Settings/+/abe9cee25ecda73b84c6baad1fa631bf3a47572b
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Buffer overflow
EUVDB-ID: #VU28274
Risk: High
CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-0103
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in "a2dp_aac_decoder_cleanup" of "a2dp_aac_decoder.cc" within the System functionality. A remote attacker can trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsGoogle Android: 9.0 - 10
External linkshttp://source.android.com/security/bulletin/2020-05-01
http://android.googlesource.com/platform/system/bt/+/89321d6f0d47724dc7f0c17f7d7302d1fe75086b
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
