PT-2020-5175 · Google+4 · Android Kernel+4
Published: 2020-09-08 · Updated: 2021-05-18
CVE-2020-0431
CVSS v2.0: 7.2 (High)
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Android kernel
Description
The issue is in the kbd_keycode function in keyboard.c, where a missing bounds check allows an out-of-bounds write in memory. This could lead to local escalation of privilege without requiring additional execution privileges. User interaction is not necessary for exploitation.
Recommendations
For Android kernel, consider applying a patch that adds bounds checking to the kbd_keycode function to prevent out-of-bounds writes. As a temporary workaround, restrict access to sensitive areas of the system that could be exploited through this vulnerability until a patch is available.
Exploit
Fix
Memory Corruption
Weakness Enumeration
Related Identifiers
Affected Products
Almalinux
Android Kernel
Centos
Red Hat
Suse