Input validation error in Google Android - CVE-2020-0265

 

Input validation error in Google Android - CVE-2020-0265

Published: September 18, 2020 / Updated: September 21, 2020


Vulnerability identifier: #VU46855
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2020-0265
CWE-ID: CWE-20
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: Google
Affected software:
Google Android

Detailed vulnerability description

The vulnerability allows a local authenticated user to gain access to sensitive information.

In Telephony, there are possible leaks of sensitive data due to missing permission checks. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-150155839


How to mitigate CVE-2020-0265

Install update from vendor's website.

Sources