ASB-A-155485360

See a problem?
Import Source
https://storage.googleapis.com/android-osv/ASB-A-155485360.json
JSON Data
https://api.osv.dev/v1/vulns/ASB-A-155485360
Aliases
  • A-155485360
  • CVE-2020-0255
Published
2020-08-01T00:00:00Z
Modified
2024-08-07T19:29:08.522128Z
Summary
SELinux/netlink vulnerability
Details

In selinuxnetlinksend of hooks.c, there is a possible permission bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

References

Affected packages

Android / :linux_kernel:

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
:0
Fixed
:2020-08-05

Affected versions

Other

Kernel

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "104471994260832224149867289291702729437",
                    "15427858976643449928959236234597610935",
                    "186273446759242020169706550879420399166",
                    "260311420903135200131097256487986536940",
                    "30316534737031797741665498459727086440",
                    "59768788526619064205587924327545158311",
                    "94873596465578995111353778953133629938",
                    "303585053866067647902247540128843569967",
                    "56390283915181291686015259113854169434",
                    "101309589515819082738420247379541418092",
                    "21331451479343323602527690615506825377",
                    "137404570670346265436578355353855434061",
                    "1089271003591064136852337787482746097",
                    "147502935350520673131192937122125799028",
                    "199067455425575587313322804101258795374",
                    "306070861118505855178740525639601206601",
                    "2044340355788310802725872039369865993",
                    "240875287783363983639426169977464501507",
                    "113481057044383204032358442910482441172",
                    "316480780260237664049813370448149755763",
                    "159499630207422466502666139146903776809",
                    "284912077553191078609392431994033671118",
                    "175944036750446049110050443385001942004",
                    "64887305713650589439865403011214221170",
                    "222298714953219898015816211759041773966",
                    "149236663775179910675331326154544392915",
                    "278206329369051238110270538459026182213",
                    "258793471022636976607956655174183376240",
                    "23018173293669035097053308146826687343",
                    "335710941357812959271003027944281607194",
                    "32258447577084968825761457825511118090"
                ]
            },
            "id": "ASB-A-155485360-00b5d460",
            "source": "http://android.googlesource.com/kernel/common/+/fb73974172ff",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "security/selinux/hooks.c"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 778.0,
                "function_hash": "333914485971026804027125169973024446332"
            },
            "id": "ASB-A-155485360-3d22c22a",
            "source": "http://android.googlesource.com/kernel/common/+/fb73974172ff",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "security/selinux/hooks.c",
                "function": "selinux_netlink_send"
            },
            "signature_type": "Function"
        }
    ],
    "fixes": [
        "http://android.googlesource.com/kernel/common/+/fb73974172ff"
    ],
    "spl": "2020-08-05",
    "severity": "High",
    "types": [
        "EoP"
    ]
}