CVE-2020-0041

HIGH KEV

Android - Privilege Escalation

Title source: llm

Description

In binder_transaction of binder.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-145988638References: Upstream kernel

Exploits (5)

nomisec WORKING POC 253 stars

by bluefrostsecurity · local

https://github.com/bluefrostsecurity/CVE-2020-0041

View Code ZIP pw:eip

nomisec WORKING POC 58 stars

by j4nn · local

https://github.com/j4nn/CVE-2020-0041

View Code ZIP pw:eip

nomisec WORKING POC 10 stars

by jcalabres · poc

https://github.com/jcalabres/root-exploit-pixel3

View Code ZIP pw:eip

nomisec WORKING POC 5 stars

by vaginessa · local

https://github.com/vaginessa/CVE-2020-0041-Pixel-3a

View Code ZIP pw:eip

nomisec WORKING POC

by koharin · poc

https://github.com/koharin/CVE-2020-0041

View Code ZIP pw:eip

References (2)

[Vendor Advisory] https://source.android.com/security/bulletin/2020-03-01

[Third Party Advisory, US Government Resource] https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-0041

Scores

CVSS v3 7.8

EPSS 0.2387

EPSS Percentile 96.0%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CISA KEV 2021-11-03

VulnCheck KEV 2021-10-28

InTheWild.io 2021-07-23

ENISA EUVD EUVD-2020-1548

CWE

CWE-20

Status published

Products (1)

google/android

Published Mar 10, 2020

KEV Added Nov 03, 2021

Tracked Since Feb 18, 2026