ASB-A-161151868

See a problem?

Import Source

https://storage.googleapis.com/android-osv/ASB-A-161151868.json

JSON Data

https://api.osv.dev/v1/vulns/ASB-A-161151868

Aliases

A-161151868
CVE-2020-0423

Published

2020-10-01T00:00:00Z

Modified

2024-08-07T19:29:01.809801Z

Summary

[1-click remote root exploit chain on the lastest Pixel4] - KASAN READ

Details

In binderreleasework of binder.c, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.

References

https://source.android.com/security/bulletin/2020-10-01

Affected packages

Android / :unknown:

Package

Name: :unknown:

Affected ranges

Type: ECOSYSTEM
Events: Introduced

:0

Fixed

:2020-10-05

Affected versions

Other

Kernel

Ecosystem specific

{
    "spl": "2020-10-05",
    "severity": "High",
    "types": [
        "EoP"
    ]
}