CVE-2020-0438
published 2020-11-10CVE-2020-0438: In the AIBinder_Class constructor of ibinder.cpp, there is a possible arbitrary code execution due to uninitialized data. This could lead to local escalation…
high7.8CVSS 3.1
AVLACLPRLUINSUCHIHAH
In the AIBinder_Class constructor of ibinder.cpp, there is a possible arbitrary code execution due to uninitialized data. This could lead to local escalation of privilege if a process were using libbinder_ndk in a vulnerable way with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-10Android ID: A-161812320
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| android | — | — | |
| android | — | — | |
| android | — | — | |
| android | — | — | |
| platform | frameworks_native | >= 10:0 < 10:2020-11-01 | 10:2020-11-01 |
| platform | frameworks_native | >= 11-next:0 < 11-next:2020-11-01 | 11-next:2020-11-01 |
| platform | frameworks_native | >= 11:0 < 11:2020-11-01 | 11:2020-11-01 |