CVE-2020-12753

CRITICAL

LG Android OS <10 - RCE

Title source: llm

Description

An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 software. Arbitrary code execution can occur via the bootloader because of an EL1/EL3 coldboot vulnerability involving raw_resources. The LG ID is LVE-SMP-200006 (May 2020).

Exploits (1)

nomisec WORKING POC 45 stars

by shinyquagsire23 · poc

https://github.com/shinyquagsire23/CVE-2020-12753-PoC

View Code ZIP pw:eip

References (3)

[Exploit, Third Party Advisory] https://douevenknow.us/post/619763074822520832/an-el1el3-coldboot-vulnerability

[Vendor Advisory] https://lgsecurity.lge.com/

[Press/Media Coverage, Third Party Advisory] https://www.zdnet.com/article/new-cold-boot-attack-affects-seven-years-of-lg-android-smartphones/

Scores

CVSS v3 9.8

EPSS 0.0629

EPSS Percentile 91.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-787

Status published

Products (5)

google/android 7.2

google/android 8.0

google/android 8.1

google/android 9.0

google/android 10.0

Published May 11, 2020

Tracked Since Feb 18, 2026