Google · Android Kernel · CVE-2020-0067
**Name of the Vulnerable Software and Affected Versions**
Android kernel
**Description**
The issue is related to a missing bounds check in the `f2fs xattr generic list` function of `xattr.c`, which could lead to a possible out of bounds read. This may result in local information disclosure, requiring System execution privileges for exploitation. No user interaction is needed for exploitation.
**Recommendations**
For Android kernel, consider applying a patch that includes a bounds check for the `f2fs xattr generic list` function to prevent out of bounds reads.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.