CVE-2020-0432
Published: 17 September 2020
In skb_to_mamac of networking.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-143560807
Priority
Medium
CVSS 3 base score: 7.8
Status
| Package | Release | Status |
|---|---|---|
|
linux Launchpad, Ubuntu, Debian |
bionic |
Released
(4.15.0-96.97)
|
| focal |
Not vulnerable
(5.4.0-18.22)
|
|
| precise |
Ignored
(was needs-triage ESM criteria)
|
|
| trusty |
Ignored
(was needs-triage ESM criteria)
|
|
| upstream |
Released
(5.6~rc1)
|
|
| xenial |
Released
(4.4.0-177.207)
|
|
|
linux-aws Launchpad, Ubuntu, Debian |
bionic |
Released
(4.15.0-1065.69)
|
| focal |
Not vulnerable
(5.4.0-1005.5)
|
|
| precise |
Does not exist
|
|
| trusty |
Ignored
(was needs-triage ESM criteria)
|
|
| upstream |
Released
(5.6~rc1)
|
|
| xenial |
Released
(4.4.0-1105.116)
|
|
|
linux-aws-5.0 Launchpad, Ubuntu, Debian |
bionic |
Ignored
(was needs-triage now end-of-life)
|
| focal |
Does not exist
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.6~rc1)
|
|
| xenial |
Does not exist
|
|
|
linux-aws-5.3 Launchpad, Ubuntu, Debian |
bionic |
Ignored
(was needs-triage now end-of-life)
|
| focal |
Does not exist
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.6~rc1)
|
|
| xenial |
Does not exist
|
|
|
linux-aws-5.4 Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(5.4.0-1018.18~18.04.1)
|
| focal |
Does not exist
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.6~rc1)
|
|
| xenial |
Does not exist
|
|
|
linux-aws-hwe Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
| focal |
Does not exist
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.6~rc1)
|
|
| xenial |
Released
(4.15.0-1065.69~16.04.1)
|
|
|
linux-azure Launchpad, Ubuntu, Debian |
bionic |
Ignored
(was needs-triage now end-of-life)
|
| focal |
Not vulnerable
(5.4.0-1006.6)
|
|
| precise |
Does not exist
|
|
| trusty |
Ignored
(was needs-triage ESM criteria)
|
|
| upstream |
Released
(5.6~rc1)
|
|
| xenial |
Released
(4.15.0-1077.82)
|
|
|
linux-azure-4.15 Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(4.15.0-1082.92)
|
| focal |
Does not exist
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.6~rc1)
|
|
| xenial |
Does not exist
|
|
|
linux-azure-5.3 Launchpad, Ubuntu, Debian |
bionic |
Ignored
(was needs-triage now end-of-life)
|
| focal |
Does not exist
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.6~rc1)
|
|
| xenial |
Does not exist
|
|
|
linux-azure-5.4 Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(5.4.0-1020.20~18.04.1)
|
| focal |
Does not exist
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.6~rc1)
|
|
| xenial |
Does not exist
|
|
|
linux-azure-edge Launchpad, Ubuntu, Debian |
bionic |
Ignored
(was needs-triage now end-of-life)
|
| focal |
Does not exist
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.6~rc1)
|
|
| xenial |
Does not exist
|
|
|
linux-gcp Launchpad, Ubuntu, Debian |
bionic |
Ignored
(was needs-triage now end-of-life)
|
| focal |
Not vulnerable
(5.4.0-1005.5)
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.6~rc1)
|
|
| xenial |
Released
(4.15.0-1060.64)
|
|
|
linux-gcp-4.15 Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(4.15.0-1071.81)
|
| focal |
Does not exist
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.6~rc1)
|
|
| xenial |
Does not exist
|
|
|
linux-gcp-5.3 Launchpad, Ubuntu, Debian |
bionic |
Ignored
(was needs-triage now end-of-life)
|
| focal |
Does not exist
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.6~rc1)
|
|
| xenial |
Does not exist
|
|
|
linux-gcp-5.4 Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(5.4.0-1019.19~18.04.2)
|
| focal |
Does not exist
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.6~rc1)
|
|
| xenial |
Does not exist
|
|
|
linux-gcp-edge Launchpad, Ubuntu, Debian |
bionic |
Ignored
(was needs-triage now end-of-life)
|
| focal |
Does not exist
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.6~rc1)
|
|
| xenial |
Does not exist
|
|
|
linux-gke-4.15 Launchpad, Ubuntu, Debian |
bionic |
Released
(4.15.0-1057.60)
|
| focal |
Does not exist
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.6~rc1)
|
|
| xenial |
Does not exist
|
|
|
linux-gke-5.0 Launchpad, Ubuntu, Debian |
bionic |
Released
(5.0.0-1033.34)
|
| focal |
Does not exist
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.6~rc1)
|
|
| xenial |
Does not exist
|
|
|
linux-gke-5.3 Launchpad, Ubuntu, Debian |
bionic |
Released
(5.3.0-1017.18~18.04.1)
|
| focal |
Does not exist
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.6~rc1)
|
|
| xenial |
Does not exist
|
|
|
linux-hwe Launchpad, Ubuntu, Debian |
bionic |
Released
(5.3.0-46.38~18.04.1)
|
| focal |
Does not exist
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.6~rc1)
|
|
| xenial |
Released
(4.15.0-96.97~16.04.1)
|
|
|
linux-hwe-5.4 Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(5.4.0-37.41~18.04.1)
|
| focal |
Does not exist
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.6~rc1)
|
|
| xenial |
Does not exist
|
|
|
linux-hwe-edge Launchpad, Ubuntu, Debian |
bionic |
Ignored
(was needs-triage now end-of-life)
|
| focal |
Does not exist
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.6~rc1)
|
|
| xenial |
Ignored
(was needs-triage now end-of-life)
|
|
|
linux-kvm Launchpad, Ubuntu, Debian |
bionic |
Released
(4.15.0-1058.59)
|
| focal |
Not vulnerable
(5.4.0-1004.4)
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.6~rc1)
|
|
| xenial |
Released
(4.4.0-1069.76)
|
|
|
linux-lts-trusty Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
| focal |
Does not exist
|
|
| precise |
Ignored
(was needs-triage ESM criteria)
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.6~rc1)
|
|
| xenial |
Does not exist
|
|
|
linux-lts-xenial Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
| focal |
Does not exist
|
|
| precise |
Does not exist
|
|
| trusty |
Ignored
(was needs-triage ESM criteria)
|
|
| upstream |
Released
(5.6~rc1)
|
|
| xenial |
Does not exist
|
|
|
linux-oem Launchpad, Ubuntu, Debian |
bionic |
Released
(4.15.0-1079.89)
|
| focal |
Does not exist
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.6~rc1)
|
|
| xenial |
Ignored
(was needs-triage now end-of-life)
|
|
|
linux-oem-5.6 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
| focal |
Not vulnerable
(5.6.0-1007.7)
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.6~rc1)
|
|
| xenial |
Does not exist
|
|
|
linux-oem-osp1 Launchpad, Ubuntu, Debian |
bionic |
Released
(5.0.0-1047.52)
|
| focal |
Does not exist
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.6~rc1)
|
|
| xenial |
Does not exist
|
|
|
linux-oracle Launchpad, Ubuntu, Debian |
bionic |
Released
(4.15.0-1037.41)
|
| focal |
Not vulnerable
(5.4.0-1005.5)
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.6~rc1)
|
|
| xenial |
Released
(4.15.0-1037.41~16.04.1)
|
|
|
linux-oracle-5.0 Launchpad, Ubuntu, Debian |
bionic |
Ignored
(was needs-triage now end-of-life)
|
| focal |
Does not exist
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.6~rc1)
|
|
| xenial |
Does not exist
|
|
|
linux-oracle-5.3 Launchpad, Ubuntu, Debian |
bionic |
Ignored
(was needs-triage now end-of-life)
|
| focal |
Does not exist
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.6~rc1)
|
|
| xenial |
Does not exist
|
|
|
linux-oracle-5.4 Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(5.4.0-1019.19~18.04.1)
|
| focal |
Does not exist
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.6~rc1)
|
|
| xenial |
Does not exist
|
|
|
linux-raspi Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
| focal |
Not vulnerable
(5.4.0-1007.7)
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.6~rc1)
|
|
| xenial |
Does not exist
|
|
|
linux-raspi-5.4 Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(5.4.0-1013.13~18.04.1)
|
| focal |
Does not exist
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.6~rc1)
|
|
| xenial |
Does not exist
|
|
|
linux-raspi2 Launchpad, Ubuntu, Debian |
bionic |
Released
(4.15.0-1060.64)
|
| focal |
Ignored
(was needs-triage now end-of-life)
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.6~rc1)
|
|
| xenial |
Released
(4.4.0-1131.140)
|
|
|
linux-raspi2-5.3 Launchpad, Ubuntu, Debian |
bionic |
Released
(5.3.0-1022.24~18.04.1)
|
| focal |
Does not exist
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.6~rc1)
|
|
| xenial |
Does not exist
|
|
|
linux-riscv Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
| focal |
Not vulnerable
(5.4.0-24.28)
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.6~rc1)
|
|
| xenial |
Does not exist
|
|
|
linux-snapdragon Launchpad, Ubuntu, Debian |
bionic |
Released
(4.15.0-1076.83)
|
| focal |
Does not exist
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.6~rc1)
|
|
| xenial |
Released
(4.4.0-1135.143)
|
Notes
| Author | Note |
|---|---|
| sbeattie | staging driver, need to confirm it is enabled |
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0432
- https://git.kernel.org/linus/4d1356ac12f4d5180d0df345d85ff0ee42b89c72
- https://source.android.com/security/bulletin/pixel/2020-09-01
- NVD
- Launchpad
- Debian