CVE-2020-0138

Name of the Vulnerable Software and Affected Versions Android versions Android-10

Description The issue is related to a possible out of bounds write in the get element attr rsp function of btif rc.cc due to a missing bounds check. This could potentially lead to remote code execution, although it's noted that the specific conditions under which this could happen are not typical in Android platforms. No additional execution privileges are needed, and user interaction is not required for exploitation.

Recommendations For Android version Android-10, consider applying a patch that includes a bounds check in the get element attr rsp function to prevent out of bounds writes. As a temporary workaround, restrict the use of the btif rc.cc module to minimize the risk of exploitation.