CVE-2020-0432 — Integer Overflow or Wraparound in Google Android

CWE-190 — Integer Overflow or Wraparound CWE-787 — Out-of-bounds Write CWE-400 — Uncontrolled Resource Consumption6 documents6 sources

Severity

7.8HIGHNVD

EPSS

0.0%

top 90.62%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Kernel Google Android Opensuse Leap

Timeline

PublishedSep 17

Latest updateMay 24

Description

In skb_to_mamac of networking.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-143560807

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages3 packages

▶CVEListV5google/androidAndroid kernel

▶Debianlinux/linux_kernel< 5.4.19-1+3

▶NVDopensuse/leap15.1, 15.2+1

Patches

Patch: source.android.com ↗Patch: source.android.com ↗

🔴Vulnerability Details

GHSA

GHSA-24q8-rjjm-c7vv: In skb_to_mamac of networking↗2022-05-24

▶

CVEList

CVE-2020-0432: In skb_to_mamac of networking↗2020-09-17

▶

OSV

CVE-2020-0432: In skb_to_mamac of networking↗2020-09-17

▶

📋Vendor Advisories

Red Hat

kernel: possible out of bounds write in skb_to_mamac of networking.c↗2020-09-08

▶

Debian

CVE-2020-0432: linux - In skb_to_mamac of networking.c, there is a possible out of bounds write due to ...↗2020

▶