Type Confusion in Google Android - CVE-2020-0336

 

Type Confusion in Google Android - CVE-2020-0336

Published: September 17, 2020 / Updated: September 22, 2020


Vulnerability identifier: #VU46895
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2020-0336
CWE-ID: CWE-843
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: Google
Affected software:
Google Android

Detailed vulnerability description

The vulnerability allows a local privileged user to execute arbitrary code.

In SurfaceFlinger, there is possible memory corruption due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-153467444


How to mitigate CVE-2020-0336

Install update from vendor's website.

Sources