1. Home
  2. Vulnerabilities
  3. CVE-2020-0404

CVE-2020-0404

CVSS v3.1 5.5 (Medium)
55% Progress
CVSS v2.0 4.9 (Medium)
49% Progress
EPSS 0.09 % (38th)
0.09% Progress
Affected Products 4
Advisories 22
Info CVSS EPSS CAPEC Affected Configurations References Security Advisories Packages & Software OVAL Tools, Exploits & PoC Graph Web & Social Timeline

In uvc_scan_chain_forward of uvc_driver.c, there is a possible linked list corruption due to an unusual root cause. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-111893654References: Upstream kernel

Weaknesses
CWE-269
Improper Privilege Management
CVE Status
PUBLISHED
CNA
Android (associated with Google Inc. or Open Handset Alliance)
Published Date
2020-09-17 16:15:14
(4 years ago)
Updated Date
2023-02-28 15:39:23
(18 months ago)

Affected Products

Google

Oracle

Configuration #1

    CPE23 From Up To
  Google Android cpe:2.3:o:google:android:-

Configuration #2

    CPE23 From Up To
  Oracle Communications Cloud Native Core Binding Support Function 22.1.3 cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.1.3
  Oracle Communications Cloud Native Core Network Exposure Function 22.1.1 cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.1.1
  Oracle Communications Cloud Native Core Policy 22.2.0 cpe:2.3:a:oracle:communications_cloud_native_core_policy:22.2.0