CVE-2020-0432

In skb_to_mamac of networking.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-143560807

Weakness

The product performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control.

Affected Software

Name	Vendor	Start Version	End Version
Android	Google	- (including)	- (including)
Linux	Ubuntu	bionic	*
Linux	Ubuntu	esm-infra-legacy/trusty	*
Linux	Ubuntu	precise/esm	*
Linux	Ubuntu	trusty	*
Linux	Ubuntu	trusty/esm	*
Linux	Ubuntu	upstream	*
Linux	Ubuntu	xenial	*
Linux-aws	Ubuntu	bionic	*
Linux-aws	Ubuntu	trusty	*
Linux-aws	Ubuntu	trusty/esm	*
Linux-aws	Ubuntu	upstream	*
Linux-aws	Ubuntu	xenial	*
Linux-aws-5.0	Ubuntu	bionic	*
Linux-aws-5.0	Ubuntu	esm-infra/bionic	*
Linux-aws-5.0	Ubuntu	upstream	*
Linux-aws-5.15	Ubuntu	upstream	*
Linux-aws-5.3	Ubuntu	bionic	*
Linux-aws-5.3	Ubuntu	esm-infra/bionic	*
Linux-aws-5.3	Ubuntu	upstream	*
Linux-aws-5.4	Ubuntu	upstream	*
Linux-aws-6.8	Ubuntu	upstream	*
Linux-aws-fips	Ubuntu	fips-updates/bionic	*
Linux-aws-fips	Ubuntu	fips/bionic	*
Linux-aws-fips	Ubuntu	trusty	*
Linux-aws-fips	Ubuntu	upstream	*
Linux-aws-fips	Ubuntu	xenial	*
Linux-aws-hwe	Ubuntu	upstream	*
Linux-aws-hwe	Ubuntu	xenial	*
Linux-azure	Ubuntu	bionic	*
Linux-azure	Ubuntu	esm-infra/bionic	*
Linux-azure	Ubuntu	trusty	*
Linux-azure	Ubuntu	trusty/esm	*
Linux-azure	Ubuntu	upstream	*
Linux-azure	Ubuntu	xenial	*
Linux-azure-4.15	Ubuntu	upstream	*
Linux-azure-5.15	Ubuntu	upstream	*
Linux-azure-5.3	Ubuntu	bionic	*
Linux-azure-5.3	Ubuntu	esm-infra/bionic	*
Linux-azure-5.3	Ubuntu	upstream	*
Linux-azure-5.4	Ubuntu	upstream	*
Linux-azure-6.8	Ubuntu	upstream	*
Linux-azure-edge	Ubuntu	bionic	*
Linux-azure-edge	Ubuntu	esm-infra/bionic	*
Linux-azure-edge	Ubuntu	upstream	*
Linux-azure-fde	Ubuntu	focal	*
Linux-azure-fde	Ubuntu	upstream	*
Linux-azure-fde-5.15	Ubuntu	upstream	*
Linux-azure-fips	Ubuntu	fips-updates/bionic	*
Linux-azure-fips	Ubuntu	fips/bionic	*
Linux-azure-fips	Ubuntu	trusty	*
Linux-azure-fips	Ubuntu	upstream	*
Linux-azure-fips	Ubuntu	xenial	*
Linux-bluefield	Ubuntu	upstream	*
Linux-fips	Ubuntu	fips-updates/xenial	*
Linux-fips	Ubuntu	fips/bionic	*
Linux-fips	Ubuntu	fips/xenial	*
Linux-fips	Ubuntu	upstream	*
Linux-gcp	Ubuntu	bionic	*
Linux-gcp	Ubuntu	esm-infra/bionic	*
Linux-gcp	Ubuntu	upstream	*
Linux-gcp	Ubuntu	xenial	*
Linux-gcp-4.15	Ubuntu	upstream	*
Linux-gcp-5.15	Ubuntu	upstream	*
Linux-gcp-5.3	Ubuntu	bionic	*
Linux-gcp-5.3	Ubuntu	esm-infra/bionic	*
Linux-gcp-5.3	Ubuntu	upstream	*
Linux-gcp-5.4	Ubuntu	upstream	*
Linux-gcp-6.8	Ubuntu	upstream	*
Linux-gcp-edge	Ubuntu	bionic	*
Linux-gcp-edge	Ubuntu	esm-infra/bionic	*
Linux-gcp-edge	Ubuntu	upstream	*
Linux-gcp-fips	Ubuntu	fips/bionic	*
Linux-gcp-fips	Ubuntu	trusty	*
Linux-gcp-fips	Ubuntu	upstream	*
Linux-gcp-fips	Ubuntu	xenial	*
Linux-gke	Ubuntu	focal	*
Linux-gke	Ubuntu	upstream	*
Linux-gke	Ubuntu	xenial	*
Linux-gke-4.15	Ubuntu	bionic	*
Linux-gke-4.15	Ubuntu	upstream	*
Linux-gke-5.0	Ubuntu	bionic	*
Linux-gke-5.0	Ubuntu	upstream	*
Linux-gke-5.3	Ubuntu	bionic	*
Linux-gke-5.3	Ubuntu	upstream	*
Linux-gkeop	Ubuntu	upstream	*
Linux-gkeop-5.15	Ubuntu	upstream	*
Linux-hwe	Ubuntu	bionic	*
Linux-hwe	Ubuntu	upstream	*
Linux-hwe	Ubuntu	xenial	*
Linux-hwe-5.15	Ubuntu	upstream	*
Linux-hwe-5.4	Ubuntu	upstream	*
Linux-hwe-6.8	Ubuntu	upstream	*
Linux-hwe-edge	Ubuntu	bionic	*
Linux-hwe-edge	Ubuntu	esm-infra/bionic	*
Linux-hwe-edge	Ubuntu	esm-infra/xenial	*
Linux-hwe-edge	Ubuntu	upstream	*
Linux-hwe-edge	Ubuntu	xenial	*
Linux-ibm	Ubuntu	upstream	*
Linux-ibm-5.15	Ubuntu	upstream	*
Linux-ibm-5.4	Ubuntu	upstream	*
Linux-intel	Ubuntu	upstream	*
Linux-intel-iot-realtime	Ubuntu	upstream	*
Linux-intel-iotg	Ubuntu	upstream	*
Linux-intel-iotg-5.15	Ubuntu	upstream	*
Linux-iot	Ubuntu	upstream	*
Linux-kvm	Ubuntu	bionic	*
Linux-kvm	Ubuntu	upstream	*
Linux-kvm	Ubuntu	xenial	*
Linux-lowlatency	Ubuntu	upstream	*
Linux-lowlatency-hwe-5.15	Ubuntu	upstream	*
Linux-lowlatency-hwe-6.8	Ubuntu	upstream	*
Linux-lts-trusty	Ubuntu	precise/esm	*
Linux-lts-trusty	Ubuntu	upstream	*
Linux-lts-xenial	Ubuntu	trusty	*
Linux-lts-xenial	Ubuntu	trusty/esm	*
Linux-lts-xenial	Ubuntu	upstream	*
Linux-nvidia	Ubuntu	upstream	*
Linux-nvidia-6.5	Ubuntu	upstream	*
Linux-nvidia-6.8	Ubuntu	upstream	*
Linux-nvidia-lowlatency	Ubuntu	upstream	*
Linux-oem	Ubuntu	bionic	*
Linux-oem	Ubuntu	upstream	*
Linux-oem	Ubuntu	xenial	*
Linux-oem-5.6	Ubuntu	upstream	*
Linux-oem-6.8	Ubuntu	upstream	*
Linux-oem-osp1	Ubuntu	bionic	*
Linux-oem-osp1	Ubuntu	upstream	*
Linux-oracle	Ubuntu	bionic	*
Linux-oracle	Ubuntu	upstream	*
Linux-oracle	Ubuntu	xenial	*
Linux-oracle-5.0	Ubuntu	bionic	*
Linux-oracle-5.0	Ubuntu	esm-infra/bionic	*
Linux-oracle-5.0	Ubuntu	upstream	*
Linux-oracle-5.15	Ubuntu	upstream	*
Linux-oracle-5.3	Ubuntu	bionic	*
Linux-oracle-5.3	Ubuntu	esm-infra/bionic	*
Linux-oracle-5.3	Ubuntu	upstream	*
Linux-oracle-5.4	Ubuntu	upstream	*
Linux-oracle-6.8	Ubuntu	upstream	*
Linux-raspi	Ubuntu	upstream	*
Linux-raspi-5.4	Ubuntu	upstream	*
Linux-raspi-realtime	Ubuntu	upstream	*
Linux-raspi2	Ubuntu	bionic	*
Linux-raspi2	Ubuntu	focal	*
Linux-raspi2	Ubuntu	upstream	*
Linux-raspi2	Ubuntu	xenial	*
Linux-raspi2-5.3	Ubuntu	bionic	*
Linux-raspi2-5.3	Ubuntu	upstream	*
Linux-realtime	Ubuntu	jammy	*
Linux-realtime	Ubuntu	upstream	*
Linux-riscv	Ubuntu	jammy	*
Linux-riscv	Ubuntu	upstream	*
Linux-riscv-5.15	Ubuntu	upstream	*
Linux-riscv-6.8	Ubuntu	upstream	*
Linux-snapdragon	Ubuntu	bionic	*
Linux-snapdragon	Ubuntu	upstream	*
Linux-snapdragon	Ubuntu	xenial	*
Linux-xilinx-zynqmp	Ubuntu	upstream	*

Potential Mitigations

Use a language that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.
If possible, choose a language or compiler that performs automatic bounds checking.
Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.
Use libraries or frameworks that make it easier to handle numbers without unexpected consequences.
Examples include safe integer handling packages such as SafeInt (C++) or IntegerLib (C or C++). [REF-106]
Perform input validation on any numeric input by ensuring that it is within the expected range. Enforce that the input meets both the minimum and maximum requirements for the expected range.
Use unsigned integers where possible. This makes it easier to perform validation for integer overflows. When signed integers are required, ensure that the range check includes minimum values as well as maximum values.
Understand the programming language’s underlying representation and how it interacts with numeric calculation (CWE-681). Pay close attention to byte size discrepancies, precision, signed/unsigned distinctions, truncation, conversion and casting between types, “not-a-number” calculations, and how the language handles numbers that are too large or too small for its underlying representation. [REF-7]
Also be careful to account for 32-bit, 64-bit, and other potential differences that may affect the numeric representation.

https://cwe.mitre.org/data/definitions/92.html

NVD	https://nvd.nist.gov/vuln/detail/CVE-2020-0432
CWE	https://cwe.mitre.org/data/definitions/190.html

Integer Overflow or Wraparound

Weakness

Affected Software

Potential Mitigations

References

CVE-2020-0432

Integer Overflow or Wraparound

Weakness

Affected Software

Potential Mitigations

Related Attack Patterns

References