Skip to main content

Android CVE-2020-0110

HIGH
Out-of-bounds Write (CWE-787)
2020-05-14 security@android.com
Buffer Overflow Google Privilege Escalation Memory Corruption Android Jhl6540 Firmware Jhl6340 Firmware Jhl6240 Firmware Jhl7540 Firmware Jhl7440 Firmware Jhl7340 Firmware Jhl8540 Firmware Jhl8440 Firmware Core I7 11850He Firmware Core I7 11600H Firmware Core I7 11390H Firmware Core I7 1195G7 Firmware Core I7 11800H Firmware Core I7 11850H Firmware Core I7 11700Kf Firmware Core I7 11700F Firmware Core I7 11700 Firmware Core I7 11700T Firmware Core I7 11700K Firmware Core I7 11370H Firmware Core I7 1180G7 Firmware Core I7 11375H Firmware Core I7 1185Gre Firmware Core I7 1185G7E Firmware Core I7 1165G7 Firmware Core I7 1185G7 Firmware Core I7 1160G7 Firmware Core I9 11950H Firmware Core I9 11980Hk Firmware Core I9 11900H Firmware Core I9 11900 Firmware Core I9 11900F Firmware Core I9 11900T Firmware Core I9 11900Kf Firmware Core I9 11900K Firmware Core I5 11500He Firmware Core I5 11320H Firmware Core I5 1155G7 Firmware Core I5 11260H Firmware Core I5 11400H Firmware Core I5 11500H Firmware Core I5 11600 Firmware Core I5 11600T Firmware Core I5 11500 Firmware Core I5 11600Kf Firmware Core I5 11600K Firmware Core I5 11400T Firmware Core I5 11500T Firmware Core I5 11400F Firmware Core I5 11400 Firmware Core I5 11300H Firmware Core I5 1145G7 Firmware Core I5 1140G7 Firmware Core I5 1145G7E Firmware Core I5 1145Gre Firmware Core I5 1135G7 Firmware Core I5 1130G7 Firmware Core I3 11100He Firmware Core I3 1115Gre Firmware Core I3 1115G4E Firmware Core I3 1125G4 Firmware Core I3 1120G4 Firmware Core I3 1110G4 Firmware Core I3 1115G4 Firmware Core I3 10105F Firmware Core I3 10305T Firmware Core I3 10105 Firmware Core I3 10305 Firmware Core I3 10105T Firmware Core I3 10325 Firmware Core I3 10100Y Firmware Core I3 10100F Firmware Core I3 10300T Firmware Core I3 10100 Firmware Core I3 10100T Firmware Core I3 10300 Firmware Core I3 10320 Firmware Core I3 10100E Firmware Core I3 10100Te Firmware Core I3 10110Y Firmware Core I3 10110U Firmware Core I3 1000G4 Firmware Core I3 1000G1 Firmware Core I3 1005G1 Firmware Core I5 10505 Firmware Core I5 10500H Firmware Core I5 10200H Firmware Core I5 10310U Firmware Core I5 1038Ng7 Firmware Core I5 10500 Firmware Core I5 10500E Firmware Core I5 10500Te Firmware Core I5 10600Kf Firmware Core I5 10600K Firmware Core I5 10600T Firmware Core I5 10400F Firmware Core I5 10400T Firmware Core I5 10500T Firmware Core I5 10600 Firmware Core I5 10400 Firmware Core I5 10300H Firmware Core I5 10400H Firmware Core I5 10210U Firmware Core I5 10210Y Firmware Core I5 10310Y Firmware Core I5 1030G4 Firmware Core I5 1030G7 Firmware Core I5 1035G1 Firmware Core I5 1035G7 Firmware Core I5 1035G4 Firmware Core I7 10870H Firmware Core I7 10610U Firmware Core I7 10810U Firmware Core I7 1068Ng7 Firmware Core I7 10700Kf Firmware Core I7 10700E Firmware Core I7 10700Te Firmware Core I7 10700K Firmware Core I7 10700F Firmware Core I7 10700 Firmware Core I7 10700T Firmware Core I7 10750H Firmware Core I7 10850H Firmware Core I7 10875H Firmware Core I7 10710U Firmware Core I7 10510Y Firmware Core I7 10510U Firmware Core I7 1060G7 Firmware Core I7 1065G7 Firmware Core I9 10850K Firmware Core I9 10885H Firmware Core I9 10900T Firmware Core I9 10900 Firmware Core I9 10900F Firmware Core I9 10900Kf Firmware Core I9 10900K Firmware Core I9 10900Te Firmware Core I9 10900E Firmware Core I9 10980Hk Firmware
7.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.8 HIGH
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
May 14, 2020 - 21:15 nvd
HIGH 7.8

DescriptionNVD

In psi_write of psi.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-148159562References: Upstream kernel

AnalysisAI

In psi_write of psi.c, there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Technical ContextAI

This vulnerability is classified as Out-of-bounds Write (CWE-787), which allows attackers to write data beyond allocated buffer boundaries leading to code execution or crashes. In psi_write of psi.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-148159562References: Upstream kernel Affected products include: Google Android, Intel Jhl6540 Firmware, Intel Jhl6340 Firmware, Intel Jhl6240 Firmware, Intel Jhl7540 Firmware.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Validate write boundaries, use memory-safe languages, enable compiler protections (ASLR, stack canaries).

CVE-2015-3105 CRITICAL POC
10.0 Jun 10

Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466

CVE-2015-3864 CRITICAL POC
10.0 Oct 01

Integer underflow in the MPEG4Extractor::parseChunk function in MPEG4Extractor.cpp in libstagefright in mediaserver in A

CVE-2013-4710 CRITICAL POC
9.3 Mar 03

Android 3.0 through 4.1.x on Disney Mobile, eAccess, KDDI, NTT DOCOMO, SoftBank, and other devices does not properly imp

CVE-2015-1538 CRITICAL POC
10.0 Oct 01

Integer overflow in the SampleTable::setSampleToChunkParams function in SampleTable.cpp in libstagefright in Android bef

CVE-2024-21633 HIGH POC
7.8 Jan 03

Apktool versions 2.9.1 and prior contain a path traversal vulnerability when processing Android APK files. Malicious APK

CVE-2017-13156 HIGH POC
7.8 Dec 06

An elevation of privilege vulnerability in the Android system (art). Rated high severity (CVSS 7.8), this vulnerability

CVE-2016-2107 MEDIUM POC
5.9 May 05

The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a

CVE-2015-3106 CRITICAL POC
10.0 Jun 10

Use-after-free vulnerability in Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows

CVE-2015-3107 CRITICAL POC
10.0 Jun 10

Use-after-free vulnerability in Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows

CVE-2013-4787 CRITICAL POC
9.3 Jul 09

Android 1.6 Donut through 4.2 Jelly Bean does not properly check cryptographic signatures for applications, which allows

CVE-2014-7911 HIGH
7.2 Dec 15

luni/src/main/java/java/io/ObjectInputStream.java in the java.io.ObjectInputStream implementation in Android before 5.0.

CVE-2016-0801 CRITICAL POC
9.8 Feb 07

The Broadcom Wi-Fi driver in the kernel in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49G, and 6.x before 2016-02-01

Share

CVE-2020-0110 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy