Improper Privilege Management in Google Android - CVE-2020-0203

 

Improper Privilege Management in Google Android - CVE-2020-0203

Published: June 11, 2020 / Updated: August 8, 2020


Vulnerability identifier: #VU34329
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2020-0203
CWE-ID: CWE-269
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: Google
Affected software:
Google Android

Detailed vulnerability description

The vulnerability allows a local authenticated user to execute arbitrary code.

In freeIsolatedUidLocked of ProcessList.java, there is a possible UID reuse due to improper cleanup. This could lead to local escalation of privilege between constrained processes with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-146313311


How to mitigate CVE-2020-0203

Install update from vendor's website.

Sources