CVE-2020-0075

Name of the Vulnerable Software and Affected Versions Android kernel

Description The issue is related to a missing bounds check in the set shared key function of the FPC IRIS TrustZone app, which could lead to a local information disclosure. This requires System execution privileges and does not need user interaction for exploitation.

Recommendations For Android kernel, consider applying a patch that includes a bounds check in the set shared key function to prevent out of bounds read. As a temporary workaround, consider restricting access to the set shared key function until a patch is available.