← Back

CVE-2020-11828

nvd nist
Published: Apr 21, 2020Modified: Nov 21, 2024

JSON object

Loading...
7.5
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 3.9 / Impact: 3.6
Source: NVD

Description

In ColorOS (oppo mobile phone operating system, based on AOSP frameworks/native code position/services/surfaceflinger surfaceflinger.CPP), RGB is defined on the stack but uninitialized, so when the screenShot function to RGB value assignment, will not initialize the value is returned to the attackers, leading to values on the stack information leakage, the vulnerability can be used to bypass attackers ALSR.

Affected (1)

Products: Oppo: Coloros
Oppo
1 product
Coloros
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Coloros
All versions

Related CWEs

CWE-908
Use of Uninitialized Resource
The product uses or accesses a resource that has not been initialized.

References (2)

Source: security@oppo.com
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory

Timeline

No history available yet.