SB2020021415 - Multiple vulnerabilities in Google Android
Published: February 14, 2020 Updated: September 13, 2023
Description
This security bulletin contains information about 14 security vulnerabilities.
1) Input validation error (CVE-ID: CVE-2020-0021)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists within the Framework functionality of Android due to a missing package dependency test in "removeUnusedPackagesLPw" of "PackageManagerService.java". A remote attacker can cause a denial of service condition on the target system.
2) Out-of-bounds read (CVE-ID: CVE-2020-0020)
The vulnerability allows a local attacker to gain access to potentially sensitive information.
The vulnerability exists within the Framework functionality of Android due to a boundary condition in "getAttributeRange" of "ExifInterface.java" when the vulnerable software fails to redact location information from media files. A local attacker can trigger an out-of-bounds read error and read contents of memory on the system.
3) Information disclosure (CVE-ID: CVE-2020-0018)
The vulnerability allows a local attacker to gain access to potentially sensitive information.
The vulnerability exists within the Framework functionality of Android due to an error in "MotionEntry::appendDescription" of "InputDispatcher.cpp". A local attacker can gain unauthorized access to sensitive information on the system.
4) Information disclosure (CVE-ID: CVE-2020-0017)
The vulnerability allows a local attacker to gain access to potentially sensitive information.
The vulnerability exists within the Framework functionality of Android due to the possibility that the primary user's dictionary is visible to and modifiable by secondary users in multiple places. A local attacker can gain unauthorized access to sensitive information on the system.
5) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2019-2200)
The vulnerability allows a local attacker to escalate privileges on the system.
The vulnerability exists due to a permission bypass in "updatePermissions" of "PermissionManagerService.java". A local attacker can use a malicious app to obtain a custom permission from another app and gain elevated privileges on the target system.
6) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2020-0015)
The vulnerability allows a local attacker to escalate privileges on the system.
The vulnerability exists within the Framework functionality of Android due to a possible way for a malicious application to overlay the Certificate Installation dialog in "onCreate" of "CertInstaller.java". A local attacker can gain elevated privileges on the target system.
7) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2020-0014)
The vulnerability allows a local attacker to escalate privileges on the system.
The vulnerability exists within the Framework functionality of Android due to the possibility for a malicious application to construct a TYPE_TOAST window manually and make that window clickable. A local attacker can gain elevated privileges on the target system.
8) Information disclosure (CVE-ID: CVE-2020-0028)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists within the System functionality of Android due to a possible bypass of private DNS settings in "notifyNetworkTested" and related functions of "NetworkMonitor.java". A remote attacker can gain unauthorized access to sensitive information on the system.
9) Out-of-bounds write (CVE-ID: CVE-2020-0027)
The vulnerability allows a remote attacker to compromise the vulnerable system.
The vulnerability exists within the System functionality of Android due to an unexpected switch fallthrough in "HidRawSensor::batch" of "HidRawSensor.cpp". A remote attacker can trigger an out-of-bounds write and execute arbitrary code on the target system.
10) Use-after-free (CVE-ID: CVE-2020-0026)
The vulnerability allows a remote attacker to compromise the vulnerable system.
The vulnerability exists within the System functionality of Android due to a use-after-free error in "Parcel::continueWrite" of "Parcel.cpp". A remote attacker can gain elevated privileges on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.
11) Information disclosure (CVE-ID: CVE-2020-0023)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists within the System functionality of Android due to a missing permission check in "setPhonebookAccessPermission" of "AdapterService.java". A remote attacker can gain unauthorized access to sensitive information if a malicious app enables contacts over Bluetooth.
12) Out-of-bounds write (CVE-ID: CVE-2020-0022)
The vulnerability allows a remote attacker to compromise the vulnerable system.
The vulnerability exists within the System functionality of Android due to a boundary error when processing untrusted input in "reassemble_and_dispatch" of "packet_fragmenter.cc". A remote attacker can trigger an out-of-bounds write and execute arbitrary code over Bluetooth on the target system.
13) Out-of-bounds write (CVE-ID: CVE-2020-0005)
The vulnerability allows a remote attacker to compromise the vulnerable system.
The vulnerability exists within the System functionality of Android due to a boundary error when processing untrusted input in "btm_read_remote_ext_features_complete" of "btm_acl.cc". A remote attacker can trigger an out-of-bounds write and execute arbitrary code on the target system.
14) Race condition (CVE-ID: CVE-2020-0030)
The vulnerability allows a local attacker to escalate privileges on the system.
The vulnerability exists within the "Binder driver" component of Android due to a race condition in "binder_thread_release" of "binder.c". A local attacker can use a specially crafted file to exploit the race, trigger a use-after-free error and execute arbitrary code with elevated privileges on the target system.
Remediation
Install the update from the vendor's website.
References
- https://source.android.com/security/bulletin/2020-02-01
- https://android.googlesource.com/platform/frameworks/base/+/859ead528cd09f6fdf3a85df390745054058d12c
- https://android.googlesource.com/platform/frameworks/base/+/fab928923c8255626049e6f459105d2e4c715384
- https://android.googlesource.com/platform/frameworks/base/+/f5a3d382a97ef26fefbd15cd02c9993e77f7b813
- https://android.googlesource.com/platform/frameworks/base/+/aa68a4f19e6a122b80ca1bcff57228dc795081e5
- https://android.googlesource.com/platform/frameworks/native/+/7fb8682cbf494e3f1d5c79ebfbd9b020e1191679
- https://android.googlesource.com/platform/frameworks/base/+/721e4d085ca3d1dc5826c0ba71615529f544d7f7
- https://android.googlesource.com/platform/frameworks/base/+/ea4bce75cfebd7cef90b1e483d752b252f09333c
- https://android.googlesource.com/platform/frameworks/base/+/aa2ffea8baea65c13ac2b841b3d581f28261dd2b
- https://android.googlesource.com/platform/packages/apps/CertInstaller/+/bdf1dc655cf226d10077e0926049bac0aed0127e
- https://android.googlesource.com/platform/frameworks/base/+/d885c3279f3fecb2c08e382c733a440113dae644
- https://android.googlesource.com/platform/frameworks/base/+/0929eb918071c1e76fd41b677af0973412f8a098
- https://android.googlesource.com/platform/frameworks/base/+/b66ddb8e5d08324ab3fc068861cd029a8ffba1b8
- https://android.googlesource.com/platform/hardware/libhardware/+/2526448930008792615f8b8a718ad09f19390025
- https://android.googlesource.com/platform/frameworks/native/+/daf29a6dbfafc6c06654a3878c0ad2a7f8ebc063
- https://android.googlesource.com/platform/packages/apps/Bluetooth/+/0d8307f408f166862fbd6efb593c4d65...
- https://android.googlesource.com/platform/system/bt/+/3cb7149d8fed2d7d77ceaa95bf845224c4db3baf
- https://android.googlesource.com/platform/system/bt/+/771571f69ab9498e9104db3c5c367f1def0a5146
- https://android.googlesource.com/kernel/common/+/5eeb2ca0