Input validation error in Google Android - CVE-2020-0004

 

Input validation error in Google Android - CVE-2020-0004

Published: January 8, 2020 / Updated: August 8, 2020


Vulnerability identifier: #VU34886
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2020-0004
CWE-ID: CWE-20
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: Google
Affected software:
Google Android

Detailed vulnerability description

The vulnerability allows a local authenticated user to perform a denial of service (DoS) attack.

In generateCrop of WallpaperManagerService.java, there is a possible sysui crash due to image exceeding maximum texture size. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-120847476


How to mitigate CVE-2020-0004

Install update from vendor's website.

Sources