PT-2020-3580 · Google+4 · Android+4

Published 2020-06-01 · Updated 2023-02-03 · CVE-2020-0305

CVSS v2.0: 6.6 (Medium)

Vector: AV:L/AC:M/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Android versions Android-10

Description

The issue is a use-after-free vulnerability in the cdev_get function of char_dev.c, caused by a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Recommendations

For Android version Android-10, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to the cdev_get function in char_dev.c to minimize the risk of exploitation.

Fix

Race Condition

Use After Free


Weakness Enumeration

Related Identifiers

ALSA-2020:4431
BDU:2020-03913
CESA-2020_4431
CESA-2020_4609
CVE-2020-0305
OESA-2021-1086
OPENSUSE-SU-2020:1153-1
OPENSUSE-SU-2020:1236-1
OPENSUSE-SU-2020_1153-1
OPENSUSE-SU-2020_1236-1
OPENSUSE-SU-2021:0242-1
OPENSUSE-SU-2021_0242-1
RHSA-2020:4431
RHSA-2020:4609
RHSA-2020_4431
RHSA-2020_4609
SUSE-SU-2020:14442-1
SUSE-SU-2020:2102-1
SUSE-SU-2020:2103-1
SUSE-SU-2020:2105-1
SUSE-SU-2020:2106-1
SUSE-SU-2020:2107-1
SUSE-SU-2020:2119-1
SUSE-SU-2020:2121-1
SUSE-SU-2020:2122-1
SUSE-SU-2020:2134-1
SUSE-SU-2020:2152-1
SUSE-SU-2020:2487-1
SUSE-SU-2020:2605-1

Affected Products

AlmaLinux
Android
CentOS
Red Hat
SUSE