CVE-2020-0380

CRITICAL

Google Android - Out-of-Bounds Write

Title source: rule

Description

In allocExcessBits of bitalloc.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

Product: Android
Versions: Android-11 Android-8.0 Android-8.1 Android-9 Android-10
Android ID: A-146398979

Exploits (1)

nomisec WORKING POC
by ShaikUsaf · poc
https://github.com/ShaikUsaf/system_bt_AOSP10_r33_CVE-2020-0380

Scores

CVSS v3 9.8
EPSS 0.0560
EPSS Percentile 90.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-787
Status published
Products (5)
google/android 8.0
google/android 8.1
google/android 9.0
google/android 10.0
google/android 11.0
Published Sep 17, 2020
Tracked Since Feb 18, 2026