CVE-2020-0423

CVSS v3.1 7.8 (High)

CVSS v2.0 7.2 (High)

EPSS 0.04 % (5^th)

Affected Products 2

Advisories 7

In binder_release_work of binder.c, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-161151868References: N/A

Weaknesses

CWE-416: Use After Free
CWE-667: Improper Locking

CVE Status: PUBLISHED
CNA: Android (associated with Google Inc. or Open Handset Alliance)
Published Date: 2020-10-14 14:15:17
(3 years ago)
Updated Date: 2022-04-28 18:23:51
(2 years ago)

Affected Products

Debian

Debian Linux

Google

Android

Configuration #1

		CPE23	From	Up To
	Google Android	cpe:2.3:o:google:android:-

Configuration #2

		CPE23	From	Up To
	Debian Linux 9.0	cpe:2.3:o:debian:debian_linux:9.0