Information disclosure in Google Android - CVE-2019-20625
Published: March 24, 2020 / Updated: August 8, 2020
Vulnerability identifier: #VU34634
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2019-20625
CWE-ID: CWE-200
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Google
Affected software:
Google Android
Google Android
Detailed vulnerability description
The vulnerability allows a local authenticated user to gain access to sensitive information.
An issue was discovered on Samsung mobile devices with N(7.1) and O(8.x) (Exynos chipsets) software. The ion debugfs driver allows information disclosure. The Samsung ID is SVE-2018-13427 (February 2019).
How to mitigate CVE-2019-20625
Install update from vendor's website.