CVE-2020-0114 : In onCreateSliceProvider of KeyguardSliceProvider.java, there is a possible conf

In onCreateSliceProvider of KeyguardSliceProvider.java, there is a possible confused deputy due to a PendingIntent error. This could lead to local escalation of privilege that allows actions performed as the System UI, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-147606347

Published 2020-06-10 18:15:10

Updated 2021-07-21 11:39:24

Source Android (associated with Google Inc. or Open Handset Alliance)

View at NVD, CVE.org

Products affected by CVE-2020-0114

Google » Android » Version: 10.0
cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2020-0114

EPSS FAQ

0.03%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 8 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2020-0114

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
7.2	HIGH	AV:L/AC:L/Au:N/C:C/I:C/A:C	3.9	10.0	NIST
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete
7.8	HIGH	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	1.8	5.9	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

References for CVE-2020-0114

https://source.android.com/security/bulletin/2020-06-01

Android Security Bulletin—June 2020 | Android Open Source Project
Patch;Vendor Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2020-0114

Products affected by CVE-2020-0114

Exploit prediction scoring system (EPSS) score for CVE-2020-0114

CVSS scores for CVE-2020-0114

References for CVE-2020-0114