CVE-2020-0414Improper Resource Shutdown or Release in Google Android

CWE-404Improper Resource Shutdown or ReleaseCWE-665Improper InitializationCWE-276Incorrect Default Permissions5 documents5 sources
Severity
6.5MEDIUMNVD
EPSS
0.3%
top 51.32%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Platform Frameworks AVGoogle Android
Timeline
PublishedOct 14
Latest updateMay 24

Description

In AudioFlinger::RecordThread::threadLoop of audioflinger/Threads.cpp, there is a possible non-silenced audio buffer due to a permissions bypass. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11Android ID: A-157708122

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages3 packages

CVEListV5google/androidAndroid-10 Android-11
NVDgoogle/android10.0, 11.0+1
Androidplatform/frameworks_av10:010:2020-10-01

Patches

Patch: source.android.comPatch: source.android.com

🔴Vulnerability Details

3
GHSA
GHSA-4mf6-634h-mv3h: In AudioFlinger::RecordThread::threadLoop of audioflinger/Threads2022-05-24
CVEList
CVE-2020-0414: In AudioFlinger::RecordThread::threadLoop of audioflinger/Threads2020-10-14
OSV
CVE-2020-0414: In AudioFlinger::RecordThread::threadLoop of audioflinger/Threads2020-10-01

📋Vendor Advisories

1
Android
CVE-2020-0414: Android Security Bulletin 2020-10-01 CVE: CVE-2020-0414 Severity: HIGH Type: ID Affected AOSP versions: 10, 11 References: A-1577081222020-10-01
CVE-2020-0414 — Improper Resource Shutdown or Release | cvebase