PT-2020-1246 · Google+7 · Android+7

Published

2020-05-20

Updated

2024-06-15

CVE-2020-0256

CVSS v2.0

7.2

High

Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Android versions 8.0 through 10

Description The issue is related to a missing bounds check in the LoadPartitionTable function of gpt.cc, which could lead to a local escalation of privilege when a malicious USB device is inserted. No additional execution privileges are needed, and user interaction is not required for exploitation. This could potentially allow an attacker to access confidential data, compromise its integrity, and cause a denial of service.

Recommendations For Android versions 8.0 through 10, update to a version that includes a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787

Related Identifiers

ALSA-2022:7700

ALT-PU-2021-3174

ALT-PU-2022-2831

ASB-A-152874864

BDU:2023-01665

CESA-2022_7700

CVE-2020-0256

DLA-2549-1

MGASA-2021-0073

OPENSUSE-SU-2024:10816-1

RHSA-2022:7700

RHSA-2022_7700

RHSA-2024:3486

RLSA-2022:7700

USN-5262-1

Affected Products

Alt Linux

Almalinux

Android

Astra Linux

Centos

Red Hat

Rocky Linux

Ubuntu

PT-2020-1246 · Google+7 · Android+7

CVE-2020-0256

Weakness Enumeration

Related Identifiers

Affected Products

References · 44