Main Vulnerability Database Vulnerabilities #VU34511

Type Confusion in Google Android - CVE-2020-11603

Published: April 8, 2020 / Updated: August 8, 2020

Vulnerability identifier: #VU34511

CSH Severity: High

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2020-11603

CWE-ID: CWE-843

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Google

Affected software:
Google Android

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) (incorporating TEEGRIS) software. Type confusion in the MLDAP Trustlet allows arbitrary code execution. The Samsung ID is SVE-2020-16599 (April 2020).

How to mitigate CVE-2020-11603

Install update from vendor's website.

Sources

https://security.samsungmobile.com/securityUpdate.smsb
https://www.tuttoandroid.net/samsung/samsung-patch-sicurezza-aprile-2020-798658/

Type Confusion in Google Android - CVE-2020-11603

Detailed vulnerability description

How to mitigate CVE-2020-11603

Sources

Please verify you're human