HIGH🇵🇱 Wersja polska

CVE-2020-11828

CVSS 7.5v3.1pub. 2020-04-21upd. 2024-11-21

In ColorOS (oppo mobile phone operating system, based on AOSP frameworks/native code position/services/surfaceflinger surfaceflinger.CPP), RGB is defined on the stack but uninitialized, so when the screenShot function to RGB value assignment, will not initialize the value is returned to the attackers, leading to values on the stack information leakage, the vulnerability can be used to bypass attackers ALSR.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
  • Oppo Coloros

    OS
    Oppo
    wszystkie wersje
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2020-11829CRITICAL9.8ten sam produkt

Dynamic loading of services in the backup and restore SDK leads to elevated privileges, affected product is co...

CVE-2023-26310HIGH7.4ten sam produkt

There is a command injection problem in the old version of the mobile phone backup app.

CVE-2021-23246HIGH7.5ten sam produkt

In ACE2 ColorOS11, the attacker can obtain the foreground package name through permission promotion, resulting...

CVE-2021-23244HIGH7.8ten sam produkt

ColorOS pregrant dangerous permissions to apps which are listed in a whitelist xml named default-grant-permiss...

CVE-2024-1608CRITICAL9.1PL ✓ten sam vendor

Privilege escalation w OPPO Usercenter Credit SDK — wyciek danych aplikacji