CVE-2020-0431 — Out-of-bounds Write in Google Android

CWE-787 — Out-of-bounds Write CWE-284 — Improper Access Control7 documents7 sources

Severity

6.7MEDIUMNVD

EPSS

0.0%

top 89.50%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Kernel Google Android Opensuse Leap +1 more

Timeline

PublishedSep 17

Latest updateFeb 14

Description

In kbd_keycode of keyboard.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-144161459

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.8 | Impact: 5.9

Affected Packages4 packages

▶CVEListV5google/androidAndroid kernel

▶Debianlinux/linux_kernel< 5.4.13-1+3

▶NVDopensuse/leap15.1, 15.2+1

▶Palo Altopaloalto/pan-os

Patches

Patch: source.android.com ↗Patch: source.android.com ↗

🔴Vulnerability Details

GHSA

GHSA-q36v-x9xm-f2j9: In kbd_keycode of keyboard↗2022-05-24

▶

OSV

CVE-2020-0431: In kbd_keycode of keyboard↗2020-09-17

▶

CVEList

CVE-2020-0431: In kbd_keycode of keyboard↗2020-09-17

▶

📋Vendor Advisories

Palo Alto

PAN-SA-2024-0001 Informational Bulletin: Impact of OSS CVEs in PAN-OS↗2024-02-14

▶

Red Hat

kernel: possible out of bounds write in kbd_keycode of keyboard.c↗2021-01-14

▶

Debian

CVE-2020-0431: linux - In kbd_keycode of keyboard.c, there is a possible out of bounds write due to a m...↗2020

▶