PT-2020-11740 · Google · Android Kernel

Published

2020-09-17

Updated

2021-07-21

CVE-2020-0387

CVSS v2.0

9.3

High

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Android kernel

Description The issue is related to a possible tapjacking vector in the manifest files of the SmartSpace package due to a missing permission check. This could lead to local escalation of privilege and account hijacking with no additional execution privileges needed. User interaction is required for exploitation.

Recommendations For Android kernel, consider implementing a permission check in the manifest files of the SmartSpace package to prevent tapjacking vectors. As a temporary workaround, restrict user interaction with the SmartSpace package until a proper fix is applied.

Fix

Missing Authorization

Clickjacking

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-862CWE-1021

Related Identifiers

CVE-2020-0387

Affected Products

Android Kernel

PT-2020-11740 · Google · Android Kernel

CVE-2020-0387

Weakness Enumeration

Related Identifiers

Affected Products

References · 3