PT-2020-5813 · Google+1 · Android Kernel+1

Published

2020-09-17

Updated

2021-12-08

CVE-2020-0429

CVSS v2.0

6.8

Medium

Vector

AV:L/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: Android kernel versions (affected versions not specified)

Description: The issue is related to a use after free in the l2tp session delete function of l2tp core.c in the Android kernel, which could lead to memory corruption. This could allow an attacker to escalate their privileges locally with System execution privileges. No user interaction is needed for exploitation.

Recommendations: For Android kernel, consider restricting access to the l2tp session delete function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Memory Corruption

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787CWE-416

Related Identifiers

BDU:2021-01782

CVE-2020-0429

OPENSUSE-SU-2021:3876-1

OPENSUSE-SU-2021_3876-1

SUSE-SU-2020:3219-1

SUSE-SU-2020:3225-1

SUSE-SU-2020:3648-1

SUSE-SU-2020:3656-1

SUSE-SU-2020_3219-1

SUSE-SU-2020_3648-1

SUSE-SU-2020_3656-1

SUSE-SU-2021:0835-1

SUSE-SU-2021:1074-1

SUSE-SU-2021:1148-1

SUSE-SU-2021:2026-1

SUSE-SU-2021:2643-1

SUSE-SU-2021:2644-1

SUSE-SU-2021:2647-1

SUSE-SU-2021:2846-1

SUSE-SU-2021:3876-1

SUSE-SU-2021:3929-1

SUSE-SU-2021:3935-1

SUSE-SU-2021:3972-1

SUSE-SU-2021_1074-1

SUSE-SU-2021_1148-1

SUSE-SU-2021_2026-1

SUSE-SU-2021_2644-1

SUSE-SU-2021_2647-1

SUSE-SU-2021_2846-1

Affected Products

Android Kernel

Suse

PT-2020-5813 · Google+1 · Android Kernel+1

CVE-2020-0429

Weakness Enumeration

Related Identifiers

Affected Products

References · 282