Improper Privilege Management in Google Android - CVE-2020-25060

 

Improper Privilege Management in Google Android - CVE-2020-25060

Published: August 31, 2020 / Updated: September 8, 2020


Vulnerability identifier: #VU46348
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2020-25060
CWE-ID: CWE-269
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: Google
Affected software:
Google Android

Detailed vulnerability description

The vulnerability allows a local authenticated user to execute arbitrary code.

An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 software. Local users can gain privileges because of LAF and SBL1 flaws. The LG ID is LVE-SMP-200015 (July 2020).


How to mitigate CVE-2020-25060

Install update from vendor's website.

Sources