CVE-2020-0022 — HIGH (8.8) — White Hats Nepal

Q: How severe is CVE-2020-0022?

CVE-2020-0022 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2020-0022?

Check the references section above for vendor advisories and patch information. Affected products include: Google Android, Huawei Mate 20 Firmware, Huawei Mate 20, Huawei Mate 20 Pro Firmware, Huawei Mate 20 Pro.

Vulnerability Description

In reassemble_and_dispatch of packet_fragmenter.cc, there is possible out of bounds write due to an incorrect bounds calculation. This could lead to remote code execution over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-143894715

CVSS Score

8.8

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Google	Android	8.0
Huawei	Mate 20 Firmware	< 10.0.0.195\(c00e74r3p8\)
Huawei	Mate 20	-
Huawei	Mate 20 Pro Firmware	< 10.0.0.196\(c185e7r2p4\)
Huawei	Mate 20 Pro	-
Huawei	Mate 20 X Firmware	< 10.0.0.195\(c00e74r2p8\)
Huawei	Mate 20 X	-
Huawei	P Smart Firmware	< 9.1.0.193\(c605e6r1p5t8\)
Huawei	P Smart	-
Huawei	P Smart 2019 Firmware	< 10.0.0.180\(c185e3r4p1\)
Huawei	P Smart 2019	-
Huawei	P20 Firmware	< 10.0.0.162\(c00e156r1p4\)
Huawei	P20	-
Huawei	P20 Pro Firmware	< 10.0.0.162\(c00e156r1p4\)
Huawei	P20 Pro	-
Huawei	P30 Firmware	< 10.0.0.190\(c432e22r2p5\)
Huawei	P30	-
Huawei	P30 Pro Firmware	< 10.0.0.195\(c00e85r2p8\)
Huawei	P30 Pro	-
Huawei	Y6 2019 Firmware	< 9.1.0.290\(c185e5r4p1\)

Related Weaknesses (CWE)

CWE-682

References

http://packetstormsecurity.com/files/156891/Android-Bluetooth-Remote-Denial-Of-SExploitThird Party AdvisoryVDB Entry
http://seclists.org/fulldisclosure/2020/Feb/10Mailing ListThird Party Advisory
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200513-03-smartphThird Party Advisory
https://source.android.com/security/bulletin/2020-02-01PatchVendor Advisory
http://packetstormsecurity.com/files/156891/Android-Bluetooth-Remote-Denial-Of-SExploitThird Party AdvisoryVDB Entry
http://seclists.org/fulldisclosure/2020/Feb/10Mailing ListThird Party Advisory
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200513-03-smartphThird Party Advisory
https://source.android.com/security/bulletin/2020-02-01PatchVendor Advisory

FAQ

What is CVE-2020-0022?

CVE-2020-0022 is a vulnerability with a CVSS score of 8.8 (HIGH). In reassemble_and_dispatch of packet_fragmenter.cc, there is possible out of bounds write due to an incorrect bounds calculation. This could lead to remote code execution over Bluetooth with no additi...

How severe is CVE-2020-0022?

CVE-2020-0022 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-0022?

Check the references section above for vendor advisories and patch information. Affected products include: Google Android, Huawei Mate 20 Firmware, Huawei Mate 20, Huawei Mate 20 Pro Firmware, Huawei Mate 20 Pro.