Published: 11/08/2020 Updated: 12/08/2020

CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6

CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8

VMScore: 828

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

In NewFixedDoubleArray of factory.cc, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-150706594

Vulnerable Product	Search on Vulmon	Subscribe to Product
google android 10.0

As the world descends into madness, it's good to see some things never change: Monthly Android patches

The Register • Shaun Nichols in San Francisco • 04 Aug 2020

Qualcomm bugs among the worst – including a critical hole in wireless networking Is it Patch Blues-day for Outlook? Microsoft's email client breaks worldwide, leaves everyone stumped

Google has emitted the August edition of its Android software security updates. This month's fixes include one remote-code-execution bug (CVE-2020-0240), present in the Android Framework. Google warns that the bug "could enable a remote attacker using a specially crafted file to execute arbitrary code within the context of an unprivileged process," though isn't being exploited... yet. That flaw was the only remote-code-execution bug present in the 01 level of the security patch bundle. This is t...

CVE-2020-0240

Vulnerability Summary

Vulnerability Trend

Recent Articles

References

Vulmon Search

About

Products

Connect