Main Vulnerability Database SB2020031078

SB2020031078 - Out-of-bounds write in Google, Google Android

Published: March 10, 2020 Updated: August 8, 2020

Security Bulletin ID SB2020031078

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Out-of-bounds write (CVE-ID: CVE-2020-0050)

The vulnerability allows a local privileged user to execute arbitrary code.

In nfa_hciu_send_msg of nfa_hci_utils.cc, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege in the NFC server with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-124521372

Remediation

Install update from vendor's website.

References

https://source.android.com/security/bulletin/pixel/2020-03-01