Improper Check for Unusual or Exceptional Conditions in Google Android - CVE-2020-0382
Published: September 17, 2020 / Updated: September 22, 2020
Vulnerability identifier: #VU46908
CSH Severity: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2020-0382
CWE-ID: CWE-754
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Google Android
Google Android
Software vendor:
Google
Description
The vulnerability allows a local privileged user to gain access to sensitive information.
In RunInternal of dumpstate.cpp, there is a possible user consent bypass due to an uncaught exception. This could lead to local information disclosure of bug report data with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-10Android ID: A-152944488
Remediation
Install update from vendor's website.