CVE-2020-0041
In short
A flaw in Android's binder communication system allows writing data beyond allocated memory boundaries due to improper validation. An attacker can exploit this locally to gain elevated privileges without needing user interaction or special permissions.
Technical detail
An out-of-bounds write in the binder_transaction() function, caused by insufficient bounds checking during inter-process communication (IPC) buffer handling. A local attacker can trigger the vulnerability to achieve privilege escalation; no additional execution privileges or user interaction are required.
Summary generated and translated by AI from the official description.
In binder_transaction of binder.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Product: Android
Versions: Android kernel
Android ID: A-145988638
References: Upstream kernel
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected products
n/a · Android
Public PoCs found — 5
github.com/bluefrostsecurity/CVE-2020-0041 ★ 257
github.com/j4nn/CVE-2020-0041 ★ 62
github.com/jcalabres/root-exploit-pixel3 ★ 13
github.com/vaginessa/CVE-2020-0041-Pixel-3a ★ 8
github.com/koharin/CVE-2020-0041 ★ 1
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.