SB2020051428 - Multiple vulnerabilities in Google Android
Published: May 14, 2020 Updated: February 23, 2024
Description
This security bulletin contains information about 15 security vulnerabilities.
1) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2020-0096)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists within the Framework functionality of Android due to a confused deputy in startActivities of "ActivityStartController.java". A local user can gain elevated privileges on the target system.
2) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2020-0097)
The vulnerability allows a remote attacker to escalate privileges on the system.
The vulnerability exists within the Framework functionality of Android due to a missing condition for system apps in various methods of "PackageManagerService.java". A local user can gain elevated privileges on the target system.
3) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2020-0098)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists within the Framework functionality of Android due to a confused deputy in navigateUpToLocked of "ActivityStack.java". A local user can gain elevated privileges on the target system.
4) Out-of-bounds write (CVE-ID: CVE-2020-0094)
The vulnerability allows a local user to compromise the vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input within the Media framework functionality in "setImageHeight" and "setImageWidth" of "ExifUtils.cpp". A local user can trigger an out-of-bounds write and execute arbitrary code on the target system with elevated privileges.
5) Out-of-bounds read (CVE-ID: CVE-2020-0100)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to incorrect error handling in "onTransact" of "IHDCP.cpp" within the Media framework functionality. A local user can trigger an out-of-bounds read and read the contents of memory on the system.
6) Out-of-bounds read (CVE-ID: CVE-2020-0093)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a missing bounds check in "exif_data_save_data_entry" of "exif-data.c" within the Media framework functionality. A local user can trigger an out-of-bounds read and read the contents of memory on the system.
7) Information disclosure (CVE-ID: CVE-2020-0101)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to uninitialized data in "BnCrypto::onTransact" of "ICrypto.cpp" within the Media framework functionality. A local user can gain unauthorized access to sensitive information on the system.
8) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2020-0105)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a missing permission check in "onKeyguardVisibilityChanged" of "key_store_service.cpp" within the System functionality. A local user can gain elevated privileges on the target system, allowing apps to use keyguard-bound keys when the screen is locked.
9) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2020-0109)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a missing permission check in "simulatePackageSuspendBroadcast" of "NotificationManagerService.java" within the System functionality. A local user can create fake system notifications and gain elevated privileges on the target system.
10) Out-of-bounds write (CVE-ID: CVE-2020-0102)
The vulnerability allows a local user to compromise the vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input in "GattServer::SendResponse" of "gatt_server.cc" within the System functionality. A local user can trigger an out-of-bounds write and execute arbitrary code on the target system with elevated privileges.
11) Information disclosure (CVE-ID: CVE-2020-0092)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a permissions bypass in "setHideSensitive" of "NotificationStackScrollLayout.java" within the System functionality. A local user can gain unauthorized access to sensitive information on the system.
12) Information disclosure (CVE-ID: CVE-2020-0104)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a logic error in "onShowingStateChanged" of "KeyguardStateMonitor.java" within the System functionality. A local user can gain unauthorized access to sensitive keyguard-protected data.
13) Information disclosure (CVE-ID: CVE-2020-0106)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a missing SDK version check in "getCellLocation" of "PhoneInterfaceManager.java" within the System functionality. A local user can gain unauthorized access to sensitive information on the system.
14) Incorrect default permissions (CVE-ID: CVE-2020-0024)
The vulnerability allows a local attacker to escalate privileges on the system.
The vulnerability exists due to incorrect default permissions for files and folders that are set by the application in "onCreate" of "SettingsBaseActivity.java" within the System functionality. A local attacker can view contents of files and directories or modify them.
15) Buffer overflow (CVE-ID: CVE-2020-0103)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in "a2dp_aac_decoder_cleanup" of "a2dp_aac_decoder.cc" within the System functionality. A remote attacker can trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Remediation
Install the update from the vendor's website.