Vulnerability Description
In calc_vm_may_flags of ashmem.c, there is a possible arbitrary write to shared memory due to a permissions bypass. This could lead to local escalation of privilege by corrupting memory shared between processes, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-142938932
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Android | - | |
| Debian | Debian Linux | 8.0 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/155903/Android-ashmem-Read-Only-Bypasses.htPatchThird Party AdvisoryVDB Entry
- https://lists.debian.org/debian-lts-announce/2020/06/msg00011.htmlMailing ListThird Party Advisory
- https://lists.debian.org/debian-lts-announce/2020/06/msg00013.htmlMailing ListThird Party Advisory
- https://source.android.com/security/bulletin/2020-01-01Vendor Advisory
- http://packetstormsecurity.com/files/155903/Android-ashmem-Read-Only-Bypasses.htPatchThird Party AdvisoryVDB Entry
- https://lists.debian.org/debian-lts-announce/2020/06/msg00011.htmlMailing ListThird Party Advisory
- https://lists.debian.org/debian-lts-announce/2020/06/msg00013.htmlMailing ListThird Party Advisory
- https://source.android.com/security/bulletin/2020-01-01Vendor Advisory
FAQ
What is CVE-2020-0009?
CVE-2020-0009 is a vulnerability with a CVSS score of 5.5 (MEDIUM). In calc_vm_may_flags of ashmem.c, there is a possible arbitrary write to shared memory due to a permissions bypass. This could lead to local escalation of privilege by corrupting memory shared between...
How severe is CVE-2020-0009?
CVE-2020-0009 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-0009?
Check the references section above for vendor advisories and patch information. Affected products include: Google Android, Debian Debian Linux.