HIGH🇬🇧 English

CVE-2020-11828

CVSS 7.5v3.1pub. 2020-04-21upd. 2024-11-21

In ColorOS (oppo mobile phone operating system, based on AOSP frameworks/native code position/services/surfaceflinger surfaceflinger.CPP), RGB is defined on the stack but uninitialized, so when the screenShot function to RGB value assignment, will not initialize the value is returned to the attackers, leading to values on the stack information leakage, the vulnerability can be used to bypass attackers ALSR.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
  • Oppo Coloros

    OS
    Oppo
    wszystkie wersje
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2020-11829CRITICAL9.8ten sam produkt

Dynamic loading of services in the backup and restore SDK leads to elevated privileges, affected product is co...

CVE-2023-26310HIGH7.4ten sam produkt

There is a command injection problem in the old version of the mobile phone backup app.

CVE-2021-23246HIGH7.5ten sam produkt

In ACE2 ColorOS11, the attacker can obtain the foreground package name through permission promotion, resulting...

CVE-2021-23244HIGH7.8ten sam produkt

ColorOS pregrant dangerous permissions to apps which are listed in a whitelist xml named default-grant-permiss...

CVE-2024-1608CRITICAL9.1PL ✓ten sam vendor

Privilege escalation w OPPO Usercenter Credit SDK — wyciek danych aplikacji

CVE-2020-11828 — HIGH 7.5 | CVEbaza.pl