Main Vulnerability Database Vulnerabilities #VU48932

#VU48932 Race condition in Google Android - CVE-2020-27059

Published: December 11, 2020

Vulnerability identifier: #VU48932

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2020-27059

CWE-ID: CWE-362

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
Google Android

Software vendor:
Google

Description

The vulnerability allows a malicious application to elevate privileges on the system.

The vulnerability exists due to a race condition when processing two activities, related to fingerprint input. A malicious application installed on the device can bypass mitigations, implemented by Android and gain elevated privileges within the system.

Remediation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

A patch will be released in the January 2021 Android Security Bulletin.

External links

https://www.darkreading.com/threat-intelligence/fingerprint-jacking-attack-technique-manipulates-android-ui-/d/d-id/1339684

#VU48932 Race condition in Google Android - CVE-2020-27059

Description

Remediation

External links

Please verify you're human