← Back

CVE-2020-0404

nvd nist
Published: Sep 17, 2020Modified: Nov 21, 2024

JSON object

Loading...
5.5
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Exploitability: 1.8 / Impact: 3.6
Source: NVD

Description

In uvc_scan_chain_forward of uvc_driver.c, there is a possible linked list corruption due to an unusual root cause. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-111893654References: Upstream kernel

Affected (4)

Google
1 product
Android
Oracle
3 products
Communications Cloud Native Core Binding Support Function
Communications Cloud Native Core Network Exposure Function
Communications Cloud Native Core Policy
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Android
All versions
Configuration B
3 vulnerable
Vulnerable SoftwareAffected Versions
Communications Cloud Native Core Binding Support Function
Version 22.1.3
Communications Cloud Native Core Network Exposure Function
Version 22.1.1
Communications Cloud Native Core Policy
Version 22.2.0

Related CWEs

CWE-269
Improper Privilege Management
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References (8)

Source: security@android.com
Third Party Advisory
Source: security@android.com
Third Party Advisory
Source: security@android.com
Vendor Advisory
Source: security@android.com
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory

Timeline

No history available yet.