CVE-2024-20056Improper Input Validation in Google Android

CWE-20Improper Input Validation4 documents4 sources
Severity
6.7MEDIUMNVD
EPSS
0.0%
top 98.85%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Google AndroidOpenwrtRdkcentral Rdk-b
Timeline
PublishedMay 6

Description

In preloader, there is a possible escalation of privilege due to an insecure default value. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08528185; Issue ID: ALPS08528185.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.8 | Impact: 5.9

Affected Packages3 packages

NVDgoogle/android12.0, 13.0, 14.0+2
NVDopenwrt/openwrt19.07.0, 21.02.0, 23.05+2
NVDrdkcentral/rdk-b2022q3

🔴Vulnerability Details

2
CVEList
CVE-2024-20056: In preloader, there is a possible escalation of privilege due to an insecure default value2024-05-06
GHSA
GHSA-826p-p2mp-vgq9: In preloader, there is a possible escalation of privilege due to an insecure default value2024-05-06

📋Vendor Advisories

1
Android
CVE-2024-20056: preloader2024-05-01
CVE-2024-20056 — Improper Input Validation in Google | cvebase