Improper Check for Unusual or Exceptional Conditions in Google Android - CVE-2020-0382

 

Improper Check for Unusual or Exceptional Conditions in Google Android - CVE-2020-0382

Published: September 17, 2020 / Updated: September 22, 2020


Vulnerability identifier: #VU46908
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2020-0382
CWE-ID: CWE-754
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: Google
Affected software:
Google Android

Detailed vulnerability description

The vulnerability allows a local privileged user to gain access to sensitive information.

In RunInternal of dumpstate.cpp, there is a possible user consent bypass due to an uncaught exception. This could lead to local information disclosure of bug report data with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-10Android ID: A-152944488


How to mitigate CVE-2020-0382

Install update from vendor's website.

Sources