PT-2020-11561 · Google · Android

Published

2020-06-11

Updated

2021-07-21

CVE-2020-0203

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Android versions Android-10

Description The issue is related to a possible UID reuse due to improper cleanup in the freeIsolatedUidLocked function of ProcessList.java. This could lead to local escalation of privilege between constrained processes with no additional execution privileges needed. User interaction is not required for exploitation.

Recommendations For Android version Android-10, consider restricting access to the freeIsolatedUidLocked function of ProcessList.java to minimize the risk of exploitation until a patch is available.

Fix

Improper Resource Release

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-404

Related Identifiers

CVE-2020-0203

Affected Products

Android

PT-2020-11561 · Google · Android

CVE-2020-0203

Weakness Enumeration

Related Identifiers

Affected Products

References · 3