CVE-2020-0108 — Improper Handling of Exceptional Conditions in Google Android

CWE-755 — Improper Handling of Exceptional Conditions CWE-269 — Improper Privilege Management5 documents5 sources

Severity

7.8HIGHNVD

EPSS

1.8%

top 17.03%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Platform Frameworks Base Platform Packages Apps Settings Platform Packages Services CAR +1 more

Timeline

PublishedAug 11

Latest updateMay 24

Description

In postNotification of ServiceRecord.java, there is a possible bypass of foreground process restrictions due to an uncaught exception. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-8.1 Android-9Android ID: A-140108616

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages5 packages

▶CVEListV5google/androidAndroid-10 Android-8.1 Android-9

▶NVDgoogle/android10.0, 8.1, 9.0+2

▶Androidplatform/frameworks_base8.1:0 — 8.1:2020-08-01+2

▶Androidplatform/packages_services_car8.1:0 — 8.1:2020-08-01+2

▶Androidplatform/packages_apps_settings8.1:0 — 8.1:2020-08-01+2

🔴Vulnerability Details

GHSA

GHSA-r4mf-xwrc-457g: In postNotification of ServiceRecord↗2022-05-24

▶

CVEList

CVE-2020-0108: In postNotification of ServiceRecord↗2020-08-11

▶

OSV

CVE-2020-0108: In postNotification of ServiceRecord↗2020-08-01

▶

📋Vendor Advisories

Android

CVE-2020-0108: Android Security Bulletin 2020-08-01 CVE: CVE-2020-0108 Severity: HIGH Type: EoP Affected AOSP versions: 8↗2020-08-01

▶