Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2020-0022

In reassemble_and_dispatch of packet_fragmenter.cc, there is possible out of bounds write due to an incorrect bounds calculation. This could lead to remote code execution over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-143894715

Published

2020-02-13T15:15:11.780

Last Modified

2024-11-21T04:52:45.763

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 8.8 (HIGH)

CVSSv2 Vector

AV:A/AC:L/Au:N/C:C/I:C/A:C

Access Vector: ADJACENT_NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

6.5

Impact Score

10.0

Weaknesses

Type: Primary
CWE-682
Type: Secondary
CWE-682

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	google	android	8.0	Yes
Operating System	google	android	8.1	Yes
Operating System	google	android	9.0	Yes
Operating System	google	android	10.0	Yes
Operating System	huawei	mate_20_firmware	< 10.0.0.195\(c00e74r3p8\)	Yes
Hardware	huawei	mate_20	-	No
Operating System	huawei	mate_20_pro_firmware	< 10.0.0.196\(c185e7r2p4\)	Yes
Hardware	huawei	mate_20_pro	-	No
Operating System	huawei	mate_20_x_firmware	< 10.0.0.195\(c00e74r2p8\)	Yes
Hardware	huawei	mate_20_x	-	No
Operating System	huawei	p_smart_firmware	< 9.1.0.193\(c605e6r1p5t8\)	Yes
Hardware	huawei	p_smart	-	No
Operating System	huawei	p_smart_2019_firmware	< 10.0.0.180\(c185e3r4p1\)	Yes
Hardware	huawei	p_smart_2019	-	No
Operating System	huawei	p20_firmware	< 10.0.0.162\(c00e156r1p4\)	Yes
Hardware	huawei	p20	-	No
Operating System	huawei	p20_pro_firmware	< 10.0.0.162\(c00e156r1p4\)	Yes
Hardware	huawei	p20_pro	-	No
Operating System	huawei	p30_firmware	< 10.0.0.190\(c432e22r2p5\)	Yes
Hardware	huawei	p30	-	No
Operating System	huawei	p30_pro_firmware	< 10.0.0.195\(c00e85r2p8\)	Yes
Hardware	huawei	p30_pro	-	No
Operating System	huawei	y6_2019_firmware	< 9.1.0.290\(c185e5r4p1\)	Yes
Hardware	huawei	y6_2019	-	No
Operating System	huawei	y6_pro_2019_firmware	< 9.1.0.290\(c636e5r3p1\)	Yes
Hardware	huawei	y6_pro_2019	-	No
Operating System	huawei	y9_2019_firmware	< 9.1.0.264\(c185e2r5p1t8\)	Yes
Hardware	huawei	y9_2019	-	No
Operating System	huawei	nova_3_firmware	< 9.1.0.338\(c00e333r1p1t8\)	Yes
Hardware	huawei	nova_3	-	No
Operating System	huawei	nova_lite_3_firmware	< 9.1.0.322\(c635e8r2p2\)	Yes
Hardware	huawei	nova_lite_3	-	No
Operating System	huawei	honor_8a_firmware	< 9.1.0.291\(c185e3r4p1\)	Yes
Hardware	huawei	honor_8a	-	No
Operating System	huawei	honor_8x_firmware	< 10.0.0.183\(c185e2r6p1\)	Yes
Hardware	huawei	honor_8x	-	No
Operating System	huawei	honor_view_20_firmware	< 10.0.0.195\(c636e3r4p3\)	Yes
Hardware	huawei	honor_view_20	-	No
Operating System	huawei	mate_30_pro_firmware	< 10.0.0.203\(c00e202r7p2\)	Yes
Hardware	huawei	mate_30_pro	-	No
Operating System	huawei	mate_30_firmware	< 10.0.0.203\(c00e202r7p2\)	Yes
Hardware	huawei	mate_30	-	No
Operating System	huawei	mate_30_pro_5g_firmware	< 10.0.0.203\(c00e202r7p2\)	Yes
Hardware	huawei	mate_30_pro_5g	-	No
Operating System	huawei	mate_30_5g_firmware	< 10.0.0.203\(c00e202r7p2\)	Yes
Hardware	huawei	mate_30_5g	-	No

References

http://packetstormsecurity.com/files/156891/Android-Bluetooth-Remote-Denial-Of-Service.html Exploit, Third Party Advisory, VDB Entry ([email protected])
http://seclists.org/fulldisclosure/2020/Feb/10 Mailing List, Third Party Advisory ([email protected])
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200513-03-smartphone-en Third Party Advisory ([email protected])
https://source.android.com/security/bulletin/2020-02-01 Patch, Vendor Advisory ([email protected])
http://packetstormsecurity.com/files/156891/Android-Bluetooth-Remote-Denial-Of-Service.html Exploit, Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://seclists.org/fulldisclosure/2020/Feb/10 Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200513-03-smartphone-en Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://source.android.com/security/bulletin/2020-02-01 Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)