CVE-2020-0009
published 2020-01-08

Priority: P434 | medium | 5.5 (CVSS 3.1)
AV:L / AC:L / PR:L / UI:N / S:U / C:N / I:H / A:N
EXPLOIT
EPSS: 0.69% (48.0th percentile)
In calc_vm_may_flags of ashmem.c, there is a possible arbitrary write to shared memory due to a permissions bypass. This could lead to local escalation of privilege by corrupting memory shared between processes, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-142938932.

Affected

7 ranges

Vendor   Product        Version range                 Fixed in
debian   debian_linux
debian   linux          < linux 5.5.13-1 (bookworm)   linux 5.5.13-1 (bookworm)
google   android
linux    linux_kernel   >= 0 < 5.5.13-1               5.5.13-1
linux    linux_kernel   >= 0 < 5.5.13-1               5.5.13-1
linux    linux_kernel   >= 0 < 5.5.13-1               5.5.13-1
linux    linux_kernel   >= 0 < 5.5.13-1               5.5.13-1

CVSS provenance

Source          Version   Score   Severity   Vector
nvd             v3.1      5.5     MEDIUM     CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
nvd             v2.0      2.1     LOW        AV:L/AC:L/Au:N/C:N/I:P/A:N
osv                       5.5     MEDIUM
vendor_debian             5.5     MEDIUM