Improper Privilege Management in Google Android - CVE-2020-0108
Published: August 11, 2020 / Updated: December 11, 2020
Vulnerability identifier: #VU45857
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear
CVE-ID: CVE-2020-0108
CWE-ID: CWE-269
Exploitation vector: Local access
Exploit availability:
Public exploit is available
Vendor: Google
Affected software:
Google Android
Google Android
Detailed vulnerability description
The vulnerability allows a local authenticated user to execute arbitrary code.
In postNotification of ServiceRecord.java, there is a possible bypass of foreground process restrictions due to an uncaught exception. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-8.1 Android-9Android ID: A-140108616
How to mitigate CVE-2020-0108
Install update from vendor's website.