VDB
CVE-2020-11261
CVE-2020-11261
PUBLISHED
KEV
In Google Android existieren mehrere Schwachstellen. Die Schwachstellen existieren in den Komponenten "Framework", "Media Framework", "System", "Kernel components", "MediaTek components", "Qualcomm components" sowie "Qualcomm closed-source components". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erhöhen, beliebigen Programmcode auszuführen, einen Denial of Service Zustand herzustellen oder Informationen offenzulegen.
EPSS 0.85% · 75.3th percentile
Risk Scores
EPSS Score
0.85%
75.3th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Google Android 11 | ||
| Open Source | Open Source Arch Linux | |
| SUSE | SUSE Linux | |
| RIM | BlackBerry BlackBerry | |
| Debian | Debian Linux | |
| Google Android 8.0 | ||
| Red Hat | Red Hat Enterprise Linux | |
| Google Android 8.1 | ||
| Google Android 10 | ||
| Google Android 9 |
Exploit Intelligence
- Pazhanivelmani/libexif_Android10_r33_CVE-2016-6328 (github-poc)
- Pazhanivelmani/libexif_Android10_r33_CVE-2016-6328 (github-poc)
- Pazhanivelmani/libexif_Android10_r33_CVE-2016-6328 (github-poc)
- Pazhanivelmani/libexif_Android10_r33_CVE-2016-6328 (github-poc)
- Pazhanivelmani/libexif_Android10_r33_CVE-2016-6328 (github-poc)
- Pazhanivelmani/libexif_Android10_r33_CVE-2016-6328 (github-poc)
- https://source.android.com/security/bulletin/2021-01-01 (circl)
- Memory management logic error in kgsl driver (Qualcomm Android) (gpz)
- Memory management logic error in kgsl driver (Qualcomm Android) (gpz)
- Memory management logic error in kgsl driver (Qualcomm Android) (gpz)
…and 21 more exploits
Timeline
- Jan 4, 2021 PoC Published
- Jan 4, 2021 CVE Published
- Jun 9, 2021 EPSS Score
- Jun 19, 2021 EPSS Score
- Aug 10, 2021 EPSS Score
- Oct 10, 2021 EPSS Score
- Dec 1, 2021 CISA KEV Added
- Dec 9, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- Apr 10, 2022 EPSS Score
- Jun 10, 2022 EPSS Score
References
- https://wid.cert-bund.de/.well-known/csaf/white/2021/wid-sec-w-2022-1994.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1994 advisory
- https://thehackernews.com/2021/03/warning-new-android-zero-day.html advisory
- https://source.android.com/security/bulletin/2021-01-01 advisory
- https://source.android.com/security/bulletin/pixel/2021-01-01 advisory
- https://lgsecurity.lge.com/security_updates_mobile.html advisory
- https://security.samsungmobile.com/securityUpdate.smsb advisory
- https://security.archlinux.org/ASA-202101-34/generate advisory
- http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber=000073450 advisory
- https://lists.debian.org/debian-lts-announce/2021/02/msg00010.html advisory
- https://lists.suse.com/pipermail/sle-security-updates/2021-February/008290.html advisory
- https://lists.suse.com/pipermail/sle-security-updates/2021-February/008292.html advisory
- https://lists.suse.com/pipermail/sle-security-updates/2021-February/008354.html advisory
- https://lists.suse.com/pipermail/sle-security-updates/2021-March/008502.html advisory
- https://access.redhat.com/errata/RHSA-2022:7700 advisory
- https://access.redhat.com/errata/RHSA-2024:3486 advisory