CVE-2020-10836
CRITICALSamsung mobile devices O(8.x)-Q(10.0) - Memory Corruption
Title source: llmDescription
An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) (Exynos chipsets) software. The Widevine Trustlet allows read and write operations on arbitrary memory locations. The Samsung ID is SVE-2019-15873 (February 2020).
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
https://security.samsungmobile.com/securityUpdate.smsb
Scores
CVSS v3
9.8
EPSS
0.0015
EPSS Percentile
34.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-125
CWE-787
Status
published
Products (4)
google/android
8.0
google/android
8.1
google/android
9.0
google/android
10.0
Published
Mar 24, 2020
Tracked Since
Feb 18, 2026