Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntucveUbuntu.comUB:CVE-2020-0433
HistorySep 17, 2020 - 12:00 a.m.

CVE-2020-0433

2020-09-1700:00:00
ubuntu.com
ubuntu.com
18
cve-2020-0433
improper locking
privilege escalation
android kernel
stable backports
android advisory

CVSS2

4.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0

Percentile

5.1%

JSON

In blk_mq_queue_tag_busy_iter of blk-mq-tag.c, there is a possible use
after free due to improper locking. This could lead to local escalation of
privilege with no additional execution privileges needed. User interaction
is not needed for exploitation.Product: AndroidVersions: Android
kernelAndroid ID: A-151939299

Notes

Author Note
sbeattie see android advisory for stable backports
OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchlinux<Β 4.15.0-101.102UNKNOWN
ubuntu16.04noarchlinux<Β 4.4.0-185.215UNKNOWN
ubuntu18.04noarchlinux-aws<Β 4.15.0-1067.71UNKNOWN
ubuntu16.04noarchlinux-aws<Β 4.4.0-1110.121UNKNOWN
ubuntu16.04noarchlinux-aws-hwe<Β 4.15.0-1067.71~16.04.1UNKNOWN
ubuntu16.04noarchlinux-azure<Β 4.15.0-1083.93~16.04.1UNKNOWN
ubuntu18.04noarchlinux-azure-4.15<Β 4.15.0-1083.93UNKNOWN
ubuntu16.04noarchlinux-gcp<Β 4.15.0-1071.81~16.04.1UNKNOWN
ubuntu18.04noarchlinux-gke-4.15<Β 4.15.0-1059.62UNKNOWN
ubuntu18.04noarchlinux-hwe<Β 5.0.0-23.24~18.04.1UNKNOWN
Rows per page:
1-10 of 201

Related

cve 1
prion 1
debiancve 1
cvelist 1
nvd 1
nessus 11
openvas 11
androidsecurity 1
cve
cve
CVE-2020-0433
2020-09-17 19:15:13
prion
prion
Design/Logic Flaw
2020-09-17 19:15:00
debiancve
debiancve
CVE-2020-0433
2020-09-17 19:15:13
cvelist
cvelist
CVE-2020-0433
2020-09-17 18:45:46
nvd
nvd
CVE-2020-0433
2020-09-17 19:15:13
nessus
nessus
EulerOS 2.0 SP5 : kernel (EulerOS-SA-2021-1200)
2021-02-04 00:00:00
SUSE SLES12 Security Update : kernel (SUSE-SU-2021:1617-1)
2021-05-18 00:00:00
SUSE SLES12 Security Update : kernel (SUSE-SU-2021:1175-1)
2021-04-14 00:00:00
openvas
openvas
Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2021-1200)
2021-02-05 00:00:00
SUSE: Security Advisory (SUSE-SU-2021:1617-1)
2021-06-09 00:00:00
SUSE: Security Advisory (SUSE-SU-2021:1623-1)
2021-06-09 00:00:00
androidsecurity
androidsecurity
Pixel Update Bulletinβ€”September 2020
2020-09-08 00:00:00

CVSS2

4.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0

Percentile

5.1%

JSON
Related for UB:CVE-2020-0433
cve1prion1debiancve1cvelist1nvd1nessus11openvas11androidsecurity1