CVE-2020-0443 - In LocaleList of LocaleList.java, there is a possible forced reboot due to an uncaught exception. Th

CVE-2020-0443

Summary

In LocaleList of LocaleList.java, there is a possible forced reboot due to an uncaught exception. This could lead to local denial of service requiring factory reset to restore with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-152410253

References

https://source.android.com/security/bulletin/2020-11-01

Vulnerable Configurations

cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*
cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*
cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*
cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*
cpe:2.3:o:google:android:9.0:*:*:*:*:*:*:*
cpe:2.3:o:google:android:9.0:*:*:*:*:*:*:*
cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:*
cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:*
cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*
cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*

CVSS

Base:	2.1 (as of 21-07-2021 - 11:39)
Impact:
Exploitability:

CWE

CWE-754

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	PARTIAL

cvss-vector via4

AV:L/AC:L/Au:N/C:N/I:N/A:P

refmap via4

misc

https://source.android.com/security/bulletin/2020-11-01

Last major update

21-07-2021 - 11:39

Published

10-11-2020 - 13:15

Last modified

21-07-2021 - 11:39