Out-of-bounds write in Google Android - CVE-2020-0356

 

Out-of-bounds write in Google Android - CVE-2020-0356

Published: September 17, 2020 / Updated: September 24, 2020


Vulnerability identifier: #VU47029
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2020-0356
CWE-ID: CWE-787
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: Google
Affected software:
Google Android

Detailed vulnerability description

The vulnerability allows a local privileged user to execute arbitrary code.

In the Audio HAL, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-143787559


How to mitigate CVE-2020-0356

Install update from vendor's website.

Sources