CVE-2020-0465 - Vulnerability Details - OpenCVE

In various methods of hid-multitouch.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-162844689References: Upstream kernel

No CVSS v4.0

Attack Vector Physical

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Google	Android
Redhat	Enterprise Linux Rhel Extras Rt

Configuration 1 [-]

cpe:2.3:o:google:android:-:*:*:*:*:*:*:*

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 7
kernel-rt-0:3.10.0-1160.59.1.rt56.1200.el7	cpe:/a:redhat:rhel_extras_rt:7	RHSA-2022:0622	2022-02-22T00:00:00Z
kernel-0:3.10.0-1160.59.1.el7	cpe:/o:redhat:enterprise_linux:7	RHSA-2022:0620	2022-02-22T00:00:00Z

References

Link	Providers
https://nvd.nist.gov/vuln/detail/CVE-2020-0465
https://source.android.com/security/bulletin/2020-12-01
https://www.cve.org/CVERecord?id=CVE-2020-0465

History

No history.

MITRE

Status: PUBLISHED

Assigner: google_android

Published: 2020-12-14T21:51:48

Updated: 2024-08-04T06:02:51.875Z

Reserved: 2019-10-17T00:00:00

Link: CVE-2020-0465

Vulnrichment

No data.

NVD

Status : Modified

Published: 2020-12-14T22:15:14.223

Modified: 2024-11-21T04:53:33.877

Link: CVE-2020-0465

Redhat

Severity : Moderate

Publid Date: 2021-01-18T00:00:00Z

Links: CVE-2020-0465 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "Android", "vendor": "n/a", "versions": [{"status": "affected", "version": "Android kernel"}]}], "descriptions": [{"lang": "en", "value": "In various methods of hid-multitouch.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-162844689References: Upstream kernel"}], "problemTypes": [{"descriptions": [{"description": "Elevation of privilege", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-12-14T21:51:48", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://source.android.com/security/bulletin/2020-12-01"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@android.com", "ID": "CVE-2020-0465", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Android", "version": {"version_data": [{"version_value": "Android kernel"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In various methods of hid-multitouch.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-162844689References: Upstream kernel"}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Elevation of privilege"}]}]}, "references": {"reference_data": [{"name": "https://source.android.com/security/bulletin/2020-12-01", "refsource": "MISC", "url": "https://source.android.com/security/bulletin/2020-12-01"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T06:02:51.875Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://source.android.com/security/bulletin/2020-12-01"}]}]}, "cveMetadata": {"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2020-0465", "datePublished": "2020-12-14T21:51:48", "dateReserved": "2019-10-17T00:00:00", "dateUpdated": "2024-08-04T06:02:51.875Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", "matchCriteriaId": "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In various methods of hid-multitouch.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-162844689References: Upstream kernel"}, {"lang": "es", "value": "En varios m\u00e9todos del archivo hid-multitouch.c, se presenta una posible escritura fuera de l\u00edmites debido a una falta de comprobaci\u00f3n de l\u00edmites. Esto podr\u00eda conllevar a una escalada de privilegios local sin ser necesarios privilegios de ejecuci\u00f3n adicionales. No es requerida una interacci\u00f3n del usuario para su explotaci\u00f3n. Producto: Android, Versiones: Kernel de Android, ID de Android: A-162844689, Referencias: Kernel posteriores"}], "id": "CVE-2020-0465", "lastModified": "2024-11-21T04:53:33.877", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-12-14T22:15:14.223", "references": [{"source": "security@android.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://source.android.com/security/bulletin/2020-12-01"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://source.android.com/security/bulletin/2020-12-01"}], "sourceIdentifier": "security@android.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2022:0622", "cpe": "cpe:/a:redhat:rhel_extras_rt:7", "package": "kernel-rt-0:3.10.0-1160.59.1.rt56.1200.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2022-02-22T00:00:00Z"}, {"advisory": "RHSA-2022:0620", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "kernel-0:3.10.0-1160.59.1.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2022-02-22T00:00:00Z"}], "bugzilla": {"description": "kernel: out of bounds write in hid-multitouch.c may lead to escalation of privilege", "id": "1920471", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1920471"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.6", "cvss3_scoring_vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-20->CWE-787", "details": ["In various methods of hid-multitouch.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-162844689References: Upstream kernel", "A flaw was found in the Linux kernel\u2019s multi-touch input system. An out-of-bounds write triggered by a use-after-free issue could lead to memory corruption or possible privilege escalation. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability."], "mitigation": {"lang": "en:us", "value": "As the multitouch module will be auto-loaded when required, its use can be disabled by preventing the module from loading with the following instructions:\n# echo \"install hid-multitouch /bin/true\" >> /etc/modprobe.d/disable-hid-multitouch.conf\nThe system may need to be restarted if the hid-multitouch module is loaded. In most circumstances, a kernel modules will be unable to be unloaded while in use.\nIf the system requires this module to work correctly, this mitigation may not be suitable.\nIf you need further assistance, see KCS article https://access.redhat.com/solutions/41278 or contact Red Hat Global Support Services."}, "name": "CVE-2020-0465", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-alt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2021-01-18T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2020-0465\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-0465"], "threat_severity": "Moderate"}