VDB
CVE-2020-0041
CVE-2020-0041
PUBLISHED
KEV
In binder_transaction of binder.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-145988638References: Upstream kernel
EPSS 23.86% · 96.1th percentile
Risk Scores
EPSS Score
23.86%
96.1th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:24.04:LTS | linux-raspi-realtime | 0, 6.8.0-2019.20 |
| Ubuntu:18.04:LTS | linux-gcp-5.3 | 5.3.0-1010.11~18.04.1, 5.3.0-1009.10~18.04.1, 0 |
| Ubuntu:20.04:LTS | linux-gke | 5.4.0-1042.44, 5.4.0-1041.43, 5.4.0-1039.41 |
| Ubuntu:20.04:LTS | linux-gkeop | 5.4.0-1049.52, 5.4.0-1033.34, 5.4.0-1034.35 |
| Ubuntu:22.04:LTS | linux-riscv | 5.15.0-1004.4, 5.15.0-1028.32, 5.13.0-1004.4 |
| Ubuntu:20.04:LTS | linux-azure-fde | *, 5.4.0-1078.81+cvm1.1, 5.4.0-1076.79+cvm1.1 |
| Ubuntu:18.04:LTS | linux-azure-edge | 4.18.0-1006.6~18.04.1, *, * |
| Ubuntu:18.04:LTS | linux-gke-5.3 | *, 0 |
| Ubuntu:18.04:LTS | linux-gcp-edge | 5.0.0-1011.11~18.04.1, 4.18.0-1004.5~18.04.1, 4.18.0-1005.6~18.04.1 |
| Ubuntu:18.04:LTS | linux-azure-5.3 | 0, 5.3.0-1008.9~18.04.1, 5.3.0-1007.8~18.04.1 |
| Ubuntu:18.04:LTS | linux-raspi2-5.3 | 0, 5.3.0-1017.19~18.04.1 |
| Ubuntu:18.04:LTS | linux-hwe | 0, 4.18.0-14.15~18.04.1, 4.18.0-17.18~18.04.1 |
| Ubuntu:22.04:LTS | linux-intel-iot-realtime | 0, 5.15.0-1073.75 |
| Ubuntu:16.04:LTS | linux-hwe-edge | *, *, 4.10.0-24.28~16.04.1 |
| Ubuntu:18.04:LTS | linux-hwe-edge | *, 0, 5.0.0-15.16~18.04.1 |
| Ubuntu:22.04:LTS | linux-realtime | 5.15.0-1032.35, 0 |
| Ubuntu:20.04:LTS | linux-gkeop-5.15 | 5.15.0-1003.5~20.04.2, 5.15.0-1007.10~20.04.1, 5.15.0-1008.12~20.04.1 |
Exploit Intelligence
- Local privilege escalation exploit for Android Binder bug CVE-2020-0041 (Pixel 3a) (github-poc-repo)
- Local privilege escalation exploit for Android Binder bug CVE-2020-0041 (Pixel 3a) (github-poc-repo)
- Local privilege escalation exploit for Android Binder bug CVE-2020-0041 (Pixel 3a) (github-poc-repo)
- Local privilege escalation exploit for Android Binder bug CVE-2020-0041 (Pixel 3a) (github-poc-repo)
- Local privilege escalation exploit for Android Binder bug CVE-2020-0041 (Pixel 3a) (github-poc-repo)
- Local privilege escalation exploit for Android Binder bug CVE-2020-0041 (Pixel 3a) (github-poc-repo)
- Local privilege escalation exploit for Android Binder bug CVE-2020-0041 (Pixel 3a) (github-poc-repo)
- koharin/CVE-2020-0041 (github-poc-repo)
- koharin/CVE-2020-0041 (github-poc-repo)
- koharin/CVE-2020-0041 (github-poc-repo)
…and 78 more exploits
Timeline
- Jan 19, 1970 VulnCheck XDB Entry
- Jan 19, 1970 VulnCheck XDB Entry
- Jan 20, 1970 VulnCheck XDB Entry
- Mar 3, 2020 CVE Published
- Apr 14, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 28, 2021 VulnCheck KEV Exploitation
- Nov 3, 2021 CISA KEV Added
- Dec 27, 2021 EPSS Score
- Feb 4, 2022 EPSS Score
- May 1, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
References
- https://ubuntu.com/security/CVE-2020-0041 third-party-advisory
- https://git.kernel.org/linus/16981742717b04644a41052570fb502682a315d2 third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2020-0041 third-party-advisory
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog third-party-advisory