PT-2020-11584 · Google · Android

Published 2020-07-01 · Updated 2022-07-12 · CVE-2020-0227

CVSS v3.1: 7.8 High

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Android versions 8.0 through 10

Description

A permissions bypass issue exists due to a missing permission check in the onCommand method of CompanionDeviceManagerService.java. This could lead to local escalation of privilege, allowing background data usage or launching from the background without requiring additional execution privileges. User interaction is not needed for exploitation.

Recommendations

For Android versions 8.0 through 10, consider restricting background data usage and launching from the background as a temporary mitigation measure until a patch is available.

Fix

Missing Authorization


Weakness Enumeration

Related Identifiers

ASB-A-129476618
CVE-2020-0227

Affected Products

Android