Use-after-free in Google Android - CVE-2020-0303

 

Use-after-free in Google Android - CVE-2020-0303

Published: September 17, 2020 / Updated: September 24, 2020


Vulnerability identifier: #VU47024
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2020-0303
CWE-ID: CWE-416
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Google
Affected software:
Google Android

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

In the Media extractor, there is a possible use after free due to improper locking. This could lead to remote code execution in the media extractor with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-148223229


How to mitigate CVE-2020-0303

Install update from vendor's website.

Sources