Out-of-bounds write in Google Android - CVE-2020-0186

 

Out-of-bounds write in Google Android - CVE-2020-0186

Published: June 11, 2020 / Updated: August 8, 2020


Vulnerability identifier: #VU34313
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2020-0186
CWE-ID: CWE-787
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: Google
Affected software:
Google Android

Detailed vulnerability description

The vulnerability allows a local privileged user to execute arbitrary code.

In hal_fd_init of hal_fd.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-146144463


How to mitigate CVE-2020-0186

Install update from vendor's website.

Sources