CVE-2020-0041
Android Kernel Out-of-Bounds Write Vulnerability
CVSS 3.1: 7.8 (HIGH)
⚠ KEV | EPSS 23.9%
Description
In binder_transaction of binder.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Product: Android
Versions: Android kernel
Android ID: A-145988638
References: Upstream kernel
How to fix CVE-2020-0041
To remediate CVE-2020-0041, upgrade the affected package to a fixed version below.
- upgrade to 5.4.6-1 or later
Is CVE-2020-0041 being exploited?
Yes — CVE-2020-0041 is on the CISA Known Exploited Vulnerabilities (KEV) catalog. Patch immediately.
Affected packages (1)
- from 0, < 5.4.6-1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH 7.8 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |