CVE-2020-0110

high-risk

Published 2020-05-14

In psi_write of psi.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-148159562References: Upstream kernel

Do I need to act?

0.02% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.8/10 High

LOCAL / LOW complexity

Affected Products (20)

Android

Jhl6540 Firmware

Jhl6340 Firmware

Jhl6240 Firmware

Jhl7540 Firmware

Jhl7440 Firmware

Jhl7340 Firmware

Jhl8540 Firmware

Jhl8440 Firmware

Core I7-11850He Firmware

Core I7-11600H Firmware

Core I7-11390H Firmware

Core I7-1195G7 Firmware

Core I7-11800H Firmware

Core I7-11850H Firmware

Core I7-11700Kf Firmware

Core I7-11700F Firmware

Core I7-11700 Firmware

Core I7-11700T Firmware

Core I7-11700K Firmware

Affected Vendors

Intel Google

References (4)

Patch https://source.android.com/security/bulletin/2020-05-01

Third Party Advisory https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00533....

Patch https://source.android.com/security/bulletin/2020-05-01

Third Party Advisory https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00533....

/ 100

high-risk

Severity 24/34 · High

Exploitability 0/34 · Minimal

Exposure 32/34 · Critical