CVE Vulnerabilities

CVE-2020-0183

Incomplete Cleanup

Published: Jun 11, 2020 | Modified: Jul 21, 2021
CVSS 3.x
7.8
HIGH
Source:
NVD
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVSS 2.x
4.4 MEDIUM
AV:L/AC:M/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

In handleMessage of BluetoothManagerService, there is an incomplete reset. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-110181479

Weakness

The product does not properly “clean up” and remove temporary or supporting resources after they have been used.

Affected Software

Name Vendor Start Version End Version
Android Google 10.0 (including) 10.0 (including)

Potential Mitigations

References