CVE-2020-0053

Name of the Vulnerable Software and Affected Versions Android versions Android-10

Description The issue is related to a possible out of bounds write due to a missing bounds check in the convertHidlNanDataPathInitiatorRequestToLegacy and convertHidlNanDataPathIndicationResponseToLegacy functions of hidl struct util.cpp. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Recommendations For Android version Android-10, update to a version that includes the fix for the out of bounds write issue in hidl struct util.cpp. As a temporary workaround, consider restricting access to the convertHidlNanDataPathInitiatorRequestToLegacy and convertHidlNanDataPathIndicationResponseToLegacy functions until a patch is available.