CVE-2020-0218

HIGH

Android 10 - Local Privilege Escalation via Race Condition in SoundTriggerHwService

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-0218. PoCs published by pazhanivel07.

AI-analyzed exploit summary This repository contains a proof-of-concept exploit for CVE-2020-0218, a vulnerability in the Android camera framework. The code includes modifications to the Camera.cpp file and related components, demonstrating how the vulnerability can be exploited.

Description

In loadSoundModel and related functions of SoundTriggerHwService.cpp, there is possible out of bounds write due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-136005905

Exploits (1)

nomisec WORKING POC

by pazhanivel07 · poc

https://github.com/pazhanivel07/frameworks_av-CVE-2020-0218

View Code ZIP pw:eip

This repository contains a proof-of-concept exploit for CVE-2020-0218, a vulnerability in the Android camera framework. The code includes modifications to the Camera.cpp file and related components, demonstrating how the vulnerability can be exploited.

Classification

Working Poc 90%

Attack Type

Lpe

Complexity

Moderate

Reliability

Reliable

Target: Android camera framework

No auth needed

Prerequisites: Access to the target device · Ability to run the exploit code

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Core References

Patch, Vendor Advisory x_refsource_misc

https://source.android.com/security/bulletin/pixel/2020-06-01

Scores

CVSS v3 7.0

EPSS 0.0018

EPSS Percentile 7.6%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-362 CWE-787

Status published

Products (1)

google/android 10.0

Published Jun 11, 2020

Tracked Since Feb 18, 2026