CVE-2020-0458
HIGHAndroid 8.0-10 - Remote Code Execution via Integer Overflow in SPDIFEncoder
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2020-0458. PoCs published by nanopathi.
AI-analyzed exploit summary This repository contains a proof-of-concept exploit for CVE-2020-0458, a vulnerability in the Android ALSA (Advanced Linux Sound Architecture) device profile handling. The exploit targets a flaw in the `alsa_device_profile.c` file, which could lead to privilege escalation or denial of service due to improper handling of audio device configurations.
Description
In SPDIFEncoder::writeBurstBufferBytes and related methods of SPDIFEncoder.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-8.0 Android-8.1Android ID: A-160265164
Exploits (1)
This repository contains a proof-of-concept exploit for CVE-2020-0458, a vulnerability in the Android ALSA (Advanced Linux Sound Architecture) device profile handling. The exploit targets a flaw in the `alsa_device_profile.c` file, which could lead to privilege escalation or denial of service due to improper handling of audio device configurations.
References (1)
Scores
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H