ASB-A-129476618

See a problem?
Import Source
https://storage.googleapis.com/android-osv/ASB-A-129476618.json
JSON Data
https://api.osv.dev/v1/vulns/ASB-A-129476618
Aliases
  • CVE-2020-0227
Published
2020-07-01T00:00:00Z
Modified
2024-07-26T14:42:01Z
Summary
Any app can run CompanionDeviceManagerService cmd
Details

In onCommand of CompanionDeviceManagerService.java, there is a possible permissions bypass due to a missing permission check. This could lead to local escalation of privilege allowing background data usage or launching from the background, with no additional execution privileges needed. User interaction is not needed for exploitation.

References

Affected packages

Android / platform/cts

Package

Name
platform/cts

Affected ranges

Type
ECOSYSTEM
Events
Introduced
8.0:0
Fixed
8.0:2020-07-01

Affected versions

8.*

8.0

Ecosystem specific 

{
    "fixes": [
        "https://android.googlesource.com/platform/cts/+/4f7dc13067ab4aa4f0c3f5373ee0a28c0285eea1",
        "https://android.googlesource.com/platform/cts/+/7d87a0e0a7bcda698b30957bce3c21d64a965e89",
        "https://android.googlesource.com/platform/cts/+/8643636095dc9b3c70a62ef16f68df12dff67fe7"
    ],
    "spl": "2020-07-01",
    "types": [
        "EoP"
    ],
    "severity": "High"
}

Android / platform/frameworks/base

Package

Name
platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
8.0:0
Fixed
8.0:2020-07-01

Affected versions

8.*

8.0

Ecosystem specific 

{
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/84cccfe6cdbc57ee372ee1a0fea64c7a11c53766",
        "https://android.googlesource.com/platform/frameworks/base/+/98f45443e1cf397ab92b4cecd9200c2dcccf099b",
        "https://android.googlesource.com/platform/frameworks/base/+/b4aaa9d8adae5971f7f6589afc22008afa2f8d2b"
    ],
    "spl": "2020-07-01",
    "types": [
        "EoP"
    ],
    "severity": "High"
}

Android / platform/cts

Package

Name
platform/cts

Affected ranges

Type
ECOSYSTEM
Events
Introduced
8.1:0
Fixed
8.1:2020-07-01

Affected versions

8.*

8.1

Ecosystem specific 

{
    "fixes": [
        "https://android.googlesource.com/platform/cts/+/4f7dc13067ab4aa4f0c3f5373ee0a28c0285eea1",
        "https://android.googlesource.com/platform/cts/+/7d87a0e0a7bcda698b30957bce3c21d64a965e89",
        "https://android.googlesource.com/platform/cts/+/8643636095dc9b3c70a62ef16f68df12dff67fe7"
    ],
    "spl": "2020-07-01",
    "types": [
        "EoP"
    ],
    "severity": "High"
}

Android / platform/frameworks/base

Package

Name
platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
8.1:0
Fixed
8.1:2020-07-01

Affected versions

8.*

8.1

Ecosystem specific 

{
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/84cccfe6cdbc57ee372ee1a0fea64c7a11c53766",
        "https://android.googlesource.com/platform/frameworks/base/+/98f45443e1cf397ab92b4cecd9200c2dcccf099b",
        "https://android.googlesource.com/platform/frameworks/base/+/b4aaa9d8adae5971f7f6589afc22008afa2f8d2b"
    ],
    "spl": "2020-07-01",
    "types": [
        "EoP"
    ],
    "severity": "High"
}

Android / platform/cts

Package

Name
platform/cts

Affected ranges

Type
ECOSYSTEM
Events
Introduced
9:0
Fixed
9:2020-07-01

Affected versions

Other

9

Ecosystem specific 

{
    "fixes": [
        "https://android.googlesource.com/platform/cts/+/4f7dc13067ab4aa4f0c3f5373ee0a28c0285eea1",
        "https://android.googlesource.com/platform/cts/+/7d87a0e0a7bcda698b30957bce3c21d64a965e89",
        "https://android.googlesource.com/platform/cts/+/8643636095dc9b3c70a62ef16f68df12dff67fe7"
    ],
    "spl": "2020-07-01",
    "types": [
        "EoP"
    ],
    "severity": "High"
}

Android / platform/frameworks/base

Package

Name
platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
9:0
Fixed
9:2020-07-01

Affected versions

Other

9

Ecosystem specific 

{
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/84cccfe6cdbc57ee372ee1a0fea64c7a11c53766",
        "https://android.googlesource.com/platform/frameworks/base/+/98f45443e1cf397ab92b4cecd9200c2dcccf099b",
        "https://android.googlesource.com/platform/frameworks/base/+/b4aaa9d8adae5971f7f6589afc22008afa2f8d2b"
    ],
    "spl": "2020-07-01",
    "types": [
        "EoP"
    ],
    "severity": "High"
}

Android / platform/cts

Package

Name
platform/cts

Affected ranges

Type
ECOSYSTEM
Events
Introduced
10:0
Fixed
10:2020-07-01

Affected versions

Other

10

Ecosystem specific 

{
    "fixes": [
        "https://android.googlesource.com/platform/cts/+/4f7dc13067ab4aa4f0c3f5373ee0a28c0285eea1",
        "https://android.googlesource.com/platform/cts/+/7d87a0e0a7bcda698b30957bce3c21d64a965e89",
        "https://android.googlesource.com/platform/cts/+/8643636095dc9b3c70a62ef16f68df12dff67fe7"
    ],
    "spl": "2020-07-01",
    "types": [
        "EoP"
    ],
    "severity": "High"
}

Android / platform/frameworks/base

Package

Name
platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
10:0
Fixed
10:2020-07-01

Affected versions

Other

10

Ecosystem specific 

{
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/84cccfe6cdbc57ee372ee1a0fea64c7a11c53766",
        "https://android.googlesource.com/platform/frameworks/base/+/98f45443e1cf397ab92b4cecd9200c2dcccf099b",
        "https://android.googlesource.com/platform/frameworks/base/+/b4aaa9d8adae5971f7f6589afc22008afa2f8d2b"
    ],
    "spl": "2020-07-01",
    "types": [
        "EoP"
    ],
    "severity": "High"
}