Main Vulnerability Database Vulnerabilities #VU34883

Improper Privilege Management in Google Android - CVE-2020-0001

Published: January 8, 2020 / Updated: January 6, 2021

Vulnerability identifier: #VU34883

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear

CVE-ID: CVE-2020-0001

CWE-ID: CWE-269

Exploitation vector: Local access

Exploit availability: Public exploit is available

Vendor: Google

Affected software:
Google Android

Detailed vulnerability description

The vulnerability allows a local authenticated user to execute arbitrary code.

In getProcessRecordLocked of ActivityManagerService.java isolated apps are not handled correctly. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-8.0, Android-8.1, Android-9, and Android-10 Android ID: A-140055304

How to mitigate CVE-2020-0001

Install update from vendor's website.

Sources

https://source.android.com/security/bulletin/2020-01-01

Improper Privilege Management in Google Android - CVE-2020-0001

Detailed vulnerability description

How to mitigate CVE-2020-0001

Sources

Please verify you're human