CVE-2020-0382
First published: Tue Sep 08 2020(Updated: )
In RunInternal of dumpstate.cpp, there is a possible user consent bypass due to an uncaught exception. This could lead to local information disclosure of bug report data with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-10Android ID: A-152944488
Credit: security@android.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Android | ||
| Android | =10.0 | |
| Android | =11.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://source.android.com/security/bulletin/2020-09-01
- https://android.googlesource.com/platform/frameworks/base/+/a898d1198050c40b73f1467ea5adaf881f3d7961
- https://android.googlesource.com/platform/frameworks/native/+/90f8249030e02080e937eeed12fc8c8c692bbc64
- https://source.android.com/docs/security/bulletin/2020-09-01 (Advisory)
Frequently Asked Questions
What is the severity of CVE-2020-0382?
CVE-2020-0382 is considered a high-severity vulnerability due to its potential for local information disclosure.
How do I fix CVE-2020-0382?
To mitigate CVE-2020-0382, you should update your Android device to version 11.0 or later.
Which versions of Android are affected by CVE-2020-0382?
CVE-2020-0382 affects Android versions 10.0 and 11.0.
Is user interaction required to exploit CVE-2020-0382?
No, user interaction is not needed for the exploitation of CVE-2020-0382.
What type of data could be disclosed due to CVE-2020-0382?
CVE-2020-0382 could lead to local information disclosure of bug report data.
- agent/type
- agent/softwarecombine
- agent/first-publish-date
- agent/author
- agent/weakness
- agent/severity
- agent/references
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/source
- agent/tags
- collector/android-source
- source/Android
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/google
- canonical/android
- version/android/10.0
- version/android/11.0