CVE-2020-0009

Опубликовано: 08 янв. 2020

Источник: nvd

CVSS3: 5.5

CVSS2: 2.1

EPSS Низкий

Описание

In calc_vm_may_flags of ashmem.c, there is a possible arbitrary write to shared memory due to a permissions bypass. This could lead to local escalation of privilege by corrupting memory shared between processes, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-142938932

Ссылки

http://packetstormsecurity.com/files/155903/Android-ashmem-Read-Only-Bypasses.html
Patch
Third Party Advisory
VDB Entry
https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html
Mailing List
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html
Mailing List
Third Party Advisory
https://source.android.com/security/bulletin/2020-01-01
Vendor Advisory
http://packetstormsecurity.com/files/155903/Android-ashmem-Read-Only-Bypasses.html
Patch
Third Party Advisory
VDB Entry
https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html
Mailing List
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html
Mailing List
Third Party Advisory
https://source.android.com/security/bulletin/2020-01-01
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:o:google:android:-:*:*:*:*:*:*:*

Конфигурация 2

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

EPSS

Процентиль: 31%

0.00115

Низкий

5.5 Medium

CVSS3

2.1 Low

CVSS2

Дефекты

CWE-276

Связанные уязвимости

CVE-2020-0009

CVSS3: 5.5

ubuntu

около 6 лет назад

CVE-2020-0009

CVSS3: 5.5

debian

около 6 лет назад

In calc_vm_may_flags of ashmem.c, there is a possible arbitrary write ...

GHSA-66j5-w5hg-38pg

CVSS3: 5.5

github

больше 3 лет назад

EPSS

Процентиль: 31%

0.00115

Низкий

5.5 Medium

CVSS3

2.1 Low

CVSS2

Дефекты

CWE-276