Main Vulnerability Database Vulnerabilities #VU46341

Inclusion of Sensitive Information in Log Files in Google Android - CVE-2020-25046

Published: August 31, 2020 / Updated: September 8, 2020

Vulnerability identifier: #VU46341

CSH Severity: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2020-25046

CWE-ID: CWE-532

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
Google Android

Software vendor:
Google

Description

The vulnerability allows a local authenticated user to gain access to sensitive information.

An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. The USB driver leaks address information via kernel logging. The Samsung IDs are SVE-2020-17602, SVE-2020-17603, SVE-2020-17604 (August 2020).

Remediation

Install update from vendor's website.

External links

https://security.samsungmobile.com/securityUpdate.smsb

Inclusion of Sensitive Information in Log Files in Google Android - CVE-2020-25046

Description

Remediation

External links

Please verify you're human