exploitDog

CVE-2020-0403

Опубликовано: 17 сент. 2020

Источник: nvd

CVSS3: 6.7

CVSS2: 7.2

EPSS Низкий

Описание

In the FPC TrustZone fingerprint App, there is a possible invalid command handler due to an exposed test feature. This could lead to local escalation of privilege in the TEE, with System execution privileges required. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-131252923

Ссылки

https://source.android.com/security/bulletin/pixel/2020-09-01
Vendor Advisory
https://source.android.com/security/bulletin/pixel/2020-09-01
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:o:google:android:-:*:*:*:*:*:*:*

EPSS

Процентиль: 2%

0.00013

Низкий

6.7 Medium

CVSS3

7.2 High

CVSS2

Дефекты

CWE-269

Связанные уязвимости

GHSA-cgr8-5587-cqhj

github

больше 3 лет назад

In the FPC TrustZone fingerprint App, there is a possible invalid command handler due to an exposed test feature. This could lead to local escalation of privilege in the TEE, with System execution privileges required. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-131252923

EPSS

Процентиль: 2%

0.00013

Низкий

6.7 Medium

CVSS3

7.2 High

CVSS2

Дефекты

CWE-269