Download
| Alert*
CVE-2020-0423
In binder_release_work of binder.c, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndro ... CVE-2020-25211 In the Linux kernel through 5.8.7, local attackers able to inject conntrack netlink configuration could overflow a local buffer, causing crashes or triggering use of incorrect protocol numbers in ctnetlink_parse_tuple_filter in net/netfilter/nf_conntrack_netlink.c, aka CID-1cc5ef91d2ff. CVE-2020-12352 Improper access control in BlueZ may allow an unauthenticated user to potentially enable information disclosure via adjacent access. CVE-2020-12351 Improper input validation in BlueZ may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. CVE-2020-24490 Improper buffer restrictions in BlueZ may allow an unauthenticated user to potentially enable denial of service via adjacent access. This affects all Linux kernel versions that support BlueZ. |