CVE-2020-0226 — Out-of-bounds Write in Google Android

CWE-787 — Out-of-bounds Write CWE-843 — Type Confusion5 documents5 sources

Severity

7.8HIGHNVD

EPSS

0.0%

top 98.09%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Platform Frameworks Native Google Android

Timeline

PublishedJul 17

Latest updateMay 24

Description

In createWithSurfaceParent of Client.cpp, there is a possible out of bounds write due to type confusion. This could lead to local escalation of privilege in the graphics server with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-150226994

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages3 packages

▶CVEListV5google/androidAndroid-10

▶NVDgoogle/android10.0

▶Androidplatform/frameworks_native10:0 — 10:2020-07-01

Patches

Patch: source.android.com ↗Patch: source.android.com ↗

🔴Vulnerability Details

GHSA

GHSA-p6hv-349c-8qpj: In createWithSurfaceParent of Client↗2022-05-24

▶

CVEList

CVE-2020-0226: In createWithSurfaceParent of Client↗2020-07-17

▶

OSV

CVE-2020-0226: In createWithSurfaceParent of Client↗2020-07-01

▶

📋Vendor Advisories

Android

CVE-2020-0226: Android Security Bulletin 2020-07-01 CVE: CVE-2020-0226 Severity: HIGH Type: EoP Affected AOSP versions: 10 References: A-150226994↗2020-07-01

▶