CVE-2020-0041

NameCVE-2020-0041
DescriptionIn binder_transaction of binder.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-145988638References: Upstream kernel
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severityhigh

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
linux (PTS)jessie3.16.56-1+deb8u1vulnerable
jessie (security)3.16.81-1vulnerable
stretch4.9.210-1vulnerable
stretch (security)4.9.189-3+deb9u2vulnerable
buster4.19.98-1vulnerable
buster (security)4.19.67-2+deb10u2vulnerable
bullseye5.4.19-1fixed
sid5.5.13-2fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
linuxsource(unstable)5.4.6-1

Notes

https://git.kernel.org/linus/16981742717b04644a41052570fb502682a315d2

Search for package or bug name: Reporting problems