CVE-2020-0108

HIGH

Android - Privilege Escalation

Title source: llm

Description

In postNotification of ServiceRecord.java, there is a possible bypass of foreground process restrictions due to an uncaught exception. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-8.1 Android-9Android ID: A-140108616

Exploits (2)

github 34 stars

by DarkFunct · cpoc

https://github.com/DarkFunct/CVE_Exploits/tree/main/CVE-2020-0108

nomisec WORKING POC 11 stars

by CrackerCat · poc

https://github.com/CrackerCat/ServiceCheater

View Code ZIP pw:eip

References (1)

[Vendor Advisory] https://source.android.com/security/bulletin/2020-08-01

Scores

CVSS v3 7.8

EPSS 0.0184

EPSS Percentile 83.0%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-755

Status published

Products (3)

google/android 8.1

google/android 9.0

google/android 10.0

Published Aug 11, 2020

Tracked Since Feb 18, 2026