CVE-2020-0022

In reassemble_and_dispatch of packet_fragmenter.cc, there is possible out of bounds write due to an incorrect bounds calculation. This could lead to remote code execution over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-143894715

Published: Feb 13, 2020
Updated: Apr 13, 2023
CVE: CVE-2020-0022
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.8
AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: High
Score: 8.3
AV:A/AC:L/Au:N/C:C/I:C/A:C

CWEs:

Affected Software
References

Software	From	Fixed in
google / android	8.0	8.0.x
google / android	8.1	8.1.x
google / android	9.0	9.0.x
google / android	10.0	10.0.x
huawei / mate_20_firmware	-	10.0.0.195\(c00e74r3p8\)
huawei / mate_20_pro_firmware	-	10.0.0.196\(c185e7r2p4\)
huawei / mate_20_x_firmware	-	10.0.0.195\(c00e74r2p8\)
huawei / p_smart_firmware	-	9.1.0.193\(c605e6r1p5t8\)
huawei / p_smart_2019_firmware	-	10.0.0.180\(c185e3r4p1\)
huawei / p20_firmware	-	10.0.0.162\(c00e156r1p4\)
huawei / p20_pro_firmware	-	10.0.0.162\(c00e156r1p4\)
huawei / p30_firmware	-	10.0.0.190\(c432e22r2p5\)
huawei / p30_pro_firmware	-	10.0.0.195\(c00e85r2p8\)
huawei / y6_2019_firmware	-	9.1.0.290\(c185e5r4p1\)
huawei / y6_pro_2019_firmware	-	9.1.0.290\(c636e5r3p1\)
huawei / y9_2019_firmware	-	9.1.0.264\(c185e2r5p1t8\)
huawei / nova_3_firmware	-	9.1.0.338\(c00e333r1p1t8\)
huawei / nova_lite_3_firmware	-	9.1.0.322\(c635e8r2p2\)
huawei / honor_8a_firmware	-	9.1.0.291\(c185e3r4p1\)
huawei / honor_8x_firmware	-	10.0.0.183\(c185e2r6p1\)
huawei / honor_view_20_firmware	-	10.0.0.195\(c636e3r4p3\)
huawei / mate_30_pro_firmware	-	10.0.0.203\(c00e202r7p2\)
huawei / mate_30_firmware	-	10.0.0.203\(c00e202r7p2\)
huawei / mate_30_pro_5g_firmware	-	10.0.0.203\(c00e202r7p2\)
huawei / mate_30_5g_firmware	-	10.0.0.203\(c00e202r7p2\)

Vulnerability Database

289,697

CVE-2020-0022