CVE-2020-0443

MEDIUM

Android - Denial of Service via Uncaught Exception in LocaleList

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-0443. PoCs published by Supersonic.

AI-analyzed exploit summary: This PoC exploits CVE-2020-0443 by manipulating the 'system_locales' setting in Android, causing a boot loop (DoS) upon reboot. The exploit leverages a vulnerability in Android's Settings provider to corrupt system state.

Description

In LocaleList of LocaleList.java, there is a possible forced reboot due to an uncaught exception. This could lead to local denial of service requiring factory reset to restore with User execution privileges needed. User interaction is not needed for exploitation.

Product: Android
Versions: Android-11 Android-8.0 Android-8.1 Android-9 Android-10
Android ID: A-152410253

Exploits (1)

nomisec WORKING POC 17 stars
by Supersonic · poc
https://github.com/Supersonic/CVE-2020-0443


Classification: Working PoC (95%)
Attack Type: DoS
Complexity: Trivial
Reliability: Reliable
Target: Android (versions prior to November 2020 security patch)
No auth needed
Prerequisites: Physical or local access to the Android device · Ability to install and run the PoC app
devstral-2 · analyzed Feb 16, 2026

References (1)

Core References
Patch, Vendor Advisory x_refsource_misc
https://source.android.com/security/bulletin/2020-11-01

Scores

CVSS v3 5.5
EPSS 0.0033
EPSS Percentile 24.7%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

CWE: CWE-755
Status published
Products (5)
google/android 8.0
google/android 8.1
google/android 9.0
google/android 10.0
google/android 11.0
Published Nov 10, 2020
Tracked Since Feb 18, 2026