ASB-A-157598026

See a problem?
Import Source
https://storage.googleapis.com/android-osv/ASB-A-157598026.json
JSON Data
https://api.osv.dev/v1/vulns/ASB-A-157598026
Aliases
  • A-157598026
  • CVE-2020-0390
Published
2020-09-01T00:00:00Z
Modified
2024-08-07T19:29:04.866350Z
Summary
App zygotes expose mlstrustedsubject [child bug #1]
Details

In the app zygote SE Policy, there is a possible permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

References

Affected packages

Android / platform/system/sepolicy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
10:0
Fixed
10:2020-09-01

Affected versions

Other

10

Ecosystem specific

{
    "fixes": [
        "https://android.googlesource.com/platform/system/sepolicy/+/4c386e10c98b63cdb07bd940287e2cf1a63526c0"
    ],
    "spl": "2020-09-01",
    "severity": "High",
    "types": [
        "ID"
    ]
}