PT-2020-16633 · Google · Android
Published
2020-12-15
·
Updated
2021-07-21
·
CVE-2020-27057
CVSS v3.1
3.3
Low
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Android version 11
Description
A permission bypass issue exists in the GpuService.cpp file, specifically in the
getGpuStatsGlobalInfo and getGpuStatsAppInfo functions, due to a missing permission check. This could lead to local information disclosure of GPU statistics, requiring User execution privileges. No user interaction is needed for exploitation.Recommendations
For Android version 11, apply the fix provided by the Android security update to resolve the permission bypass issue in the GpuService.cpp file.
Fix
Missing Authorization
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Android