CVE-2020-0160

HIGH

Android 10 - Denial of Service via Missing Bounds Check in SampleTable.cpp

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-0160. PoCs published by nanopathi.

AI-analyzed exploit summary This repository contains a proof-of-concept exploit for CVE-2020-0160, a vulnerability in the Android camera framework. The exploit targets the camera service in AOSP10, specifically focusing on the Camera.cpp file and related components.

Description

In setSyncSampleParams of SampleTable.cpp, there is possible resource exhaustion due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-124771364

Exploits (1)

nomisec WORKING POC

by nanopathi · poc

https://github.com/nanopathi/frameworks_av_AOSP10_r33_CVE-2020-0160

View Code ZIP pw:eip

This repository contains a proof-of-concept exploit for CVE-2020-0160, a vulnerability in the Android camera framework. The exploit targets the camera service in AOSP10, specifically focusing on the Camera.cpp file and related components.

Classification

Working Poc 90%

Attack Type

Lpe

Complexity

Moderate

Reliability

Reliable

Target: Android Open Source Project (AOSP) 10

No auth needed

Prerequisites: Access to the target device · Camera service running on the device

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Core References

Patch, Vendor Advisory x_refsource_misc

https://source.android.com/security/bulletin/pixel/2020-06-01

Scores

CVSS v3 8.8

EPSS 0.0106

EPSS Percentile 60.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE

CWE-770 CWE-20

Status published

Products (1)

google/android 10.0

Published Jun 11, 2020

Tracked Since Feb 18, 2026