Vulnerability Details : CVE-2020-0427
In create_pinctrl of core.c, there is a possible out of bounds read due to a use after free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-140550171
Published
2020-09-17 19:15:13
Updated
2022-10-25 16:12:17
Vulnerability category: Memory CorruptionInformation leak
Products affected by CVE-2020-0427
- cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
- cpe:2.3:o:google:android:-:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*
- cpe:2.3:a:starwindsoftware:starwind_virtual_san:v8:build12533:*:*:*:vsphere:*:*
- cpe:2.3:a:starwindsoftware:starwind_virtual_san:v8:build12658:*:*:*:vsphere:*:*
- cpe:2.3:a:starwindsoftware:starwind_virtual_san:v8:build12859:*:*:*:vsphere:*:*
- cpe:2.3:a:starwindsoftware:starwind_virtual_san:v8:build13170:*:*:*:vsphere:*:*
- cpe:2.3:a:starwindsoftware:starwind_virtual_san:v8:build13586:*:*:*:vsphere:*:*
- cpe:2.3:a:starwindsoftware:starwind_virtual_san:v8:build13861:*:*:*:vsphere:*:*
Exploit prediction scoring system (EPSS) score for CVE-2020-0427
0.04%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 6 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2020-0427
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
2.1
|
LOW | AV:L/AC:L/Au:N/C:P/I:N/A:N |
3.9
|
2.9
|
NIST | |
5.5
|
MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
1.8
|
3.6
|
NIST |
CWE ids for CVE-2020-0427
-
The product reads data past the end, or before the beginning, of the intended buffer.Assigned by: nvd@nist.gov (Primary)
-
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.Assigned by: nvd@nist.gov (Primary)
References for CVE-2020-0427
-
http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00001.html
[security-announce] openSUSE-SU-2020:1586-1: important: Security updateMailing List;Third Party Advisory
-
https://lists.debian.org/debian-lts-announce/2020/12/msg00027.html
[SECURITY] [DLA 2494-1] linux security updateMailing List;Third Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00021.html
Mailing List;Third Party Advisory
-
http://packetstormsecurity.com/files/161229/Kernel-Live-Patch-Security-Notice-LSN-0074-1.html
Kernel Live Patch Security Notice LSN-0074-1 ≈ Packet StormThird Party Advisory;VDB Entry
-
https://www.starwindsoftware.com/security/sw-20210325-0005/
CVE-2020-0427 Linux Kernel vulnerability in StarWind VSAN for vSphere (VSA)Third Party Advisory
-
https://source.android.com/security/bulletin/pixel/2020-09-01
Pixel Update Bulletin—September 2020 | Android Open Source ProjectPatch;Vendor Advisory
Jump to