CVE-2020-0404

In uvc_scan_chain_forward of uvc_driver.c, there is a possible linked list corruption due to an unusual root cause. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-111893654References: Upstream kernel

Published: Sep 17, 2020
Updated: Apr 13, 2023
CVE: CVE-2020-0404
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.5
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVSS v2:

Severity: Low
Score: 4.9
AV:L/AC:L/Au:N/C:N/I:N/A:C

CWEs:

CWE-269

Affected Software
References

Software	From	Fixed in
oracle / communications_cloud_native_core_binding_support_function	22.1.3	22.1.3.x
oracle / communications_cloud_native_core_policy	22.2.0	22.2.0.x
oracle / communications_cloud_native_core_network_exposure_function	22.1.1	22.1.1.x

http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00021.html
https://source.android.com/security/bulletin/2020-09-01
https://www.oracle.com/security-alerts/cpujul2022.html

Vulnerability Database

289,599

CVE-2020-0404