Main Vulnerability Database Vulnerabilities #VU47024

Use-after-free in Google Android - CVE-2020-0303

Published: September 17, 2020 / Updated: September 24, 2020

Vulnerability identifier: #VU47024

CSH Severity: High

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2020-0303

CWE-ID: CWE-416

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Google Android

Software vendor:
Google

Description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

In the Media extractor, there is a possible use after free due to improper locking. This could lead to remote code execution in the media extractor with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-148223229

Remediation

Install update from vendor's website.

External links

https://source.android.com/security/bulletin/android-11

Use-after-free in Google Android - CVE-2020-0303

Description

Remediation

External links

Please verify you're human