CVE-2020-0067 — Out-of-bounds Read in Google Android
Severity
4.4MEDIUMNVD
OSV4.7
EPSS
0.1%
top 82.44%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedApr 17
Latest updateMay 24
Description
In f2fs_xattr_generic_list of xattr.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not required for exploitation.Product: Android. Versions: Android kernel. Android ID: A-120551147.
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:NExploitability: 0.8 | Impact: 3.6
Affected Packages3 packages
Also affects: Ubuntu Linux 14.04, 16.04, 18.04, 19.10, 20.04
🔴Vulnerability Details
9OSV▶
linux, linux-aws, linux-kvm, linux-lts-xenial, linux-raspi2, linux-snapdragon vulnerabilities↗2020-09-24
OSV▶
linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-gcp, linux-gke-4.15, linux-hwe, linux-kvm, linux-oem, linux-oracle, linux-raspi2, linux-snapdragon vulnerabilities↗2020-06-11
OSV▶
linux, linux-aws, linux-aws-5.3, linux-azure, linux-azure-5.3, linux-gcp, linux-gcp-5.3, linux-gke-5.3, linux-hwe, linux-kvm, linux-oracle, linux-oracle-5.3, linux-raspi2, linux-raspi2-5.3 vulnerabili↗2020-06-10
📋Vendor Advisories
8💬Community
2Bugzilla▶
CVE-2020-0067 kernel: out of bounds read due to a missing bounds check in f2fs_xattr_generic_list of xattr.c leading to local information disclosure↗2020-06-19
Bugzilla▶
CVE-2020-0067 kernel: out of bounds read due to a missing bounds check in f2fs_xattr_generic_list of xattr.c leading to local information disclosure [fedora-all]↗2020-06-19