ASB-A-129476618

Import Source
https://storage.googleapis.com/android-osv/ASB-A-129476618.json
Aliases
  • CVE-2020-0227
Published
2020-07-01T00:00:00Z
Modified
2024-04-24T14:40:06Z
Details

In onCommand of CompanionDeviceManagerService.java, there is a possible permissions bypass due to a missing permission check. This could lead to local escalation of privilege allowing background data usage or launching from the background, with no additional execution privileges needed. User interaction is not needed for exploitation.

References

Affected packages

Android / platform/cts

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
8.0:0
Fixed
8.0:2020-07-01
Introduced
8.1:0
Fixed
8.1:2020-07-01
Introduced
9:0
Fixed
9:2020-07-01
Introduced
10:0
Fixed
10:2020-07-01

Affected versions

Other

10
9

8.*

8.0
8.1

Ecosystem specific

{
    "fixes": [
        "https://android.googlesource.com/platform/cts/+/4f7dc13067ab4aa4f0c3f5373ee0a28c0285eea1",
        "https://android.googlesource.com/platform/cts/+/7d87a0e0a7bcda698b30957bce3c21d64a965e89",
        "https://android.googlesource.com/platform/cts/+/8643636095dc9b3c70a62ef16f68df12dff67fe7"
    ],
    "spl": "2020-07-01",
    "types": [
        "EoP"
    ],
    "severity": "High"
}

Android / platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
8.0:0
Fixed
8.0:2020-07-01
Introduced
8.1:0
Fixed
8.1:2020-07-01
Introduced
9:0
Fixed
9:2020-07-01
Introduced
10:0
Fixed
10:2020-07-01

Affected versions

Other

10
9

8.*

8.0
8.1

Ecosystem specific

{
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/84cccfe6cdbc57ee372ee1a0fea64c7a11c53766",
        "https://android.googlesource.com/platform/frameworks/base/+/98f45443e1cf397ab92b4cecd9200c2dcccf099b",
        "https://android.googlesource.com/platform/frameworks/base/+/b4aaa9d8adae5971f7f6589afc22008afa2f8d2b"
    ],
    "spl": "2020-07-01",
    "types": [
        "EoP"
    ],
    "severity": "High"
}