Out-of-bounds write in Google Android - CVE-2020-12746

 

Out-of-bounds write in Google Android - CVE-2020-12746

Published: May 11, 2020 / Updated: August 8, 2020


Vulnerability identifier: #VU34399
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2020-12746
CWE-ID: CWE-787
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Google
Affected software:
Google Android

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

An issue was discovered on Samsung mobile devices with O(8.X), P(9.0), and Q(10.0) (Exynos chipsets) software. Attackers can bypass the Secure Bootloader protection mechanism via a heap-based buffer overflow to execute arbitrary code. The Samsung ID is SVE-2020-16712 (May 2020).


How to mitigate CVE-2020-12746

Install update from vendor's website.

Sources