CVE-2020-0203

HIGH

Android 10 - Local Privilege Escalation via UID Reuse in ProcessList.java

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-0203. PoCs published by Trinadh465.

AI-analyzed exploit summary This repository contains a proof-of-concept for CVE-2020-0203, an Android autofill vulnerability. The code includes test cases demonstrating the exploit by manipulating autofill services and focusing on input fields.

Description

In freeIsolatedUidLocked of ProcessList.java, there is a possible UID reuse due to improper cleanup. This could lead to local escalation of privilege between constrained processes with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-146313311

Exploits (1)

nomisec WORKING POC

by Trinadh465 · poc

https://github.com/Trinadh465/frameworks_base_AOSP10_r33_CVE-2020-0203

View Code ZIP pw:eip

This repository contains a proof-of-concept for CVE-2020-0203, an Android autofill vulnerability. The code includes test cases demonstrating the exploit by manipulating autofill services and focusing on input fields.

Classification

Working Poc 90%

Attack Type

Other

Complexity

Moderate

Reliability

Reliable

Target: Android AOSP 10 r33

No auth needed

Prerequisites: Android device with vulnerable autofill service

MITRE ATT&CK

T1552 - Unsecured Credentials

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Core References

Patch, Vendor Advisory x_refsource_misc

https://source.android.com/security/bulletin/pixel/2020-06-01

Scores

CVSS v3 7.8

EPSS 0.0025

EPSS Percentile 15.7%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-404

Status published

Products (1)

google/android 10.0

Published Jun 11, 2020

Tracked Since Feb 18, 2026