CVE-2020-0225
published 2020-07-17CVE-2020-0225: In a2dp_vendor_ldac_decoder_decode_packet of a2dp_vendor_ldac_decoder.cc, there is a possible out of bounds write due to a missing bounds check. This could…
PriorityP259critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
2.68%
83.9th percentile
In a2dp_vendor_ldac_decoder_decode_packet of a2dp_vendor_ldac_decoder.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-142546668
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| android | — | — | |
| android | — | — | |
| android | — | — | |
| platform | system_bt | >= 10:0 < 10:2020-07-01 | 10:2020-07-01 |
Detection & IOCsextracted from sources · hover to see the quote
- →Vulnerable function is `a2dp_vendor_ldac_decoder_decode_packet` in `a2dp_vendor_ldac_decoder.cc` — monitor for crashes or anomalous behavior in the LDAC Bluetooth A2DP decoder component on Android 10 devices ↗
- →Attack vector is remote with no privileges or user interaction required — any Bluetooth A2DP LDAC audio stream from an untrusted/unauthenticated peer should be treated as a potential exploit delivery mechanism ↗
- →Scope limited to Android 10 (AOSP) — prioritize detection and patching efforts on unpatched Android 10 devices; reference Android Security Bulletin 2020-07-01 and internal tracking ID A-142546668 ↗
- ·No patch-level or build fingerprint details are provided in the sources; defenders should cross-reference the July 2020 Android Security Bulletin (2020-07-01) to confirm whether a given device build includes the fix for A-142546668 ↗
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.010.0CRITICALAV:N/AC:L/Au:N/C:C/I:C/A:C
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Android
CVE-2020-0225: Android Security Bulletin 2020-07-01
CVE: CVE-2020-0225
Severity: CRITICAL
Type: RCE
Affected AOSP versions: 10
References: A-142546668
vendor_android·2020-07-01·CVSS 9.8
CVE-2020-0225 [CRITICAL] CVE-2020-0225: Android Security Bulletin 2020-07-01
CVE: CVE-2020-0225
Severity: CRITICAL
Type: RCE
Affected AOSP versions: 10
References: A-142546668
Android Security Bulletin 2020-07-01
CVE: CVE-2020-0225
Severity: CRITICAL
Type: RCE
Affected AOSP versions: 10
References: A-142546668
GHSA
GHSA-r9h3-wq94-qjg7: In a2dp_vendor_ldac_decoder_decode_packet of a2dp_vendor_ldac_decoder
ghsa_unreviewed·2022-05-24
CVE-2020-0225 [HIGH] GHSA-r9h3-wq94-qjg7: In a2dp_vendor_ldac_decoder_decode_packet of a2dp_vendor_ldac_decoder
In a2dp_vendor_ldac_decoder_decode_packet of a2dp_vendor_ldac_decoder.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-142546668
OSV
CVE-2020-0225: In a2dp_vendor_ldac_decoder_decode_packet of a2dp_vendor_ldac_decoder
osv·2020-07-01
CVE-2020-0225 CVE-2020-0225: In a2dp_vendor_ldac_decoder_decode_packet of a2dp_vendor_ldac_decoder
In a2dp_vendor_ldac_decoder_decode_packet of a2dp_vendor_ldac_decoder.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2020-07-17
Published