Permissions, Privileges, and Access Controls in Google Android - CVE-2020-0227
Published: July 10, 2020
Vulnerability identifier: #VU29646
CSH Severity: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2020-0227
CWE-ID: CWE-264
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Google Android
Google Android
Software vendor:
Google
Description
The vulnerability allows a local attacker to escalate privileges on the system.
The vulnerability exists due to application does not properly impose security restrictions within the Framework functionality. A local attacker can use a malicious application and gain elevated privileges on the target system.
Remediation
Install updates from vendor's website.
External links
- https://source.android.com/security/bulletin/2020-07-01
- https://android.googlesource.com/platform/cts/+/4f7dc13067ab4aa4f0c3f5373ee0a28c0285eea1
- https://android.googlesource.com/platform/cts/+/7d87a0e0a7bcda698b30957bce3c21d64a965e89
- https://android.googlesource.com/platform/cts/+/8643636095dc9b3c70a62ef16f68df12dff67fe7
- https://android.googlesource.com/platform/frameworks/base/+/84cccfe6cdbc57ee372ee1a0fea64c7a11c53766
- https://android.googlesource.com/platform/frameworks/base/+/98f45443e1cf397ab92b4cecd9200c2dcccf099b
- https://android.googlesource.com/platform/frameworks/base/+/b4aaa9d8adae5971f7f6589afc22008afa2f8d2b