Published: 11/05/2020 Updated: 26/04/2022

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 668

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

An issue exists on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 software. Arbitrary code execution can occur via the bootloader because of an EL1/EL3 coldboot vulnerability involving raw_resources. The LG ID is LVE-SMP-200006 (May 2020).

Vulnerable Product	Search on Vulmon	Subscribe to Product
google android 8.0
google android 8.1
google android 7.2
google android 9.0
google android 10.0

A proof-of-concept for CVE-2020-12753

CVE-2020-12753-PoC This repo contains a proof-of-concept for 🔋📱❄️🥾🔓, an SBL1/aboot vuln for Secure EL3 arbitrary code execution on the LG Stylo 4 (AMZ/Q710ULM) This is only tested on updates 20a and 20c and with the SBL1 variant of the vulnerability - Makefile : Builds raw_resources_a_modimg given sbl_rops and raw_resourcesimg_884736 - raw

CWE-787 https://lgsecurity.lge.com/https://www.zdnet.com/article/new-cold-boot-attack-affects-seven-years-of-lg-android-smartphones/https://douevenknow.us/post/619763074822520832/an-el1el3-coldboot-vulnerability https://nvd.nist.gov https://github.com/shinyquagsire23/CVE-2020-12753-PoC

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2020-12753

Vulnerability Summary

Vulnerability Trend

Github Repositories

References

Vulmon Search

About

Products

Connect