cnvd - cnvd-2022-32821

cnvd-2022-32821

Vulnerability from cnvd

Title: Xiaomi MIUI权限提升漏洞

Description:

Xiaomi MIUI是中国小米科技（Xiaomi）公司的一套基于Android开发的智能手机操作系统。

Xiaomi MIUI 12.5.2版本存在安全漏洞，该漏洞源于调用函数时，内存指针被复制到两个函数模块。攻击者可利用漏洞通过恶意操作导致指针重复释放，导致受影响模块崩溃，影响正常功能，如果成功利用该漏洞会导致特权提升。

Severity: 高

Patch Name: Xiaomi MIUI权限提升漏洞的补丁

Patch Description:

Xiaomi MIUI是中国小米科技（Xiaomi）公司的一套基于Android开发的智能手机操作系统。

Xiaomi MIUI 12.5.2版本存在安全漏洞，该漏洞源于调用函数时，内存指针被复制到两个函数模块。攻击者可利用漏洞通过恶意操作导致指针重复释放，导致受影响模块崩溃，影响正常功能，如果成功利用该漏洞会导致特权提升。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

目前厂商已发布升级补丁以修复漏洞，详情请关注厂商主页： https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=134

Reference: https://cxsecurity.com/cveshow/CVE-2020-14123/

Impacted products

Name
Xiaomi MIUI 12.5.2

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-14123"
    }
  },
  "description": "Xiaomi MIUI\u662f\u4e2d\u56fd\u5c0f\u7c73\u79d1\u6280\uff08Xiaomi\uff09\u516c\u53f8\u7684\u4e00\u5957\u57fa\u4e8eAndroid\u5f00\u53d1\u7684\u667a\u80fd\u624b\u673a\u64cd\u4f5c\u7cfb\u7edf\u3002\n\nXiaomi MIUI 12.5.2\u7248\u672c\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u8c03\u7528\u51fd\u6570\u65f6\uff0c\u5185\u5b58\u6307\u9488\u88ab\u590d\u5236\u5230\u4e24\u4e2a\u51fd\u6570\u6a21\u5757\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u6f0f\u6d1e\u901a\u8fc7\u6076\u610f\u64cd\u4f5c\u5bfc\u81f4\u6307\u9488\u91cd\u590d\u91ca\u653e\uff0c\u5bfc\u81f4\u53d7\u5f71\u54cd\u6a21\u5757\u5d29\u6e83\uff0c\u5f71\u54cd\u6b63\u5e38\u529f\u80fd\uff0c\u5982\u679c\u6210\u529f\u5229\u7528\u8be5\u6f0f\u6d1e\u4f1a\u5bfc\u81f4\u7279\u6743\u63d0\u5347\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8be6\u60c5\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\uff1a\r\nhttps://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=134",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2022-32821",
  "openTime": "2022-04-27",
  "patchDescription": "Xiaomi MIUI\u662f\u4e2d\u56fd\u5c0f\u7c73\u79d1\u6280\uff08Xiaomi\uff09\u516c\u53f8\u7684\u4e00\u5957\u57fa\u4e8eAndroid\u5f00\u53d1\u7684\u667a\u80fd\u624b\u673a\u64cd\u4f5c\u7cfb\u7edf\u3002\r\n\r\nXiaomi MIUI 12.5.2\u7248\u672c\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u8c03\u7528\u51fd\u6570\u65f6\uff0c\u5185\u5b58\u6307\u9488\u88ab\u590d\u5236\u5230\u4e24\u4e2a\u51fd\u6570\u6a21\u5757\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u6f0f\u6d1e\u901a\u8fc7\u6076\u610f\u64cd\u4f5c\u5bfc\u81f4\u6307\u9488\u91cd\u590d\u91ca\u653e\uff0c\u5bfc\u81f4\u53d7\u5f71\u54cd\u6a21\u5757\u5d29\u6e83\uff0c\u5f71\u54cd\u6b63\u5e38\u529f\u80fd\uff0c\u5982\u679c\u6210\u529f\u5229\u7528\u8be5\u6f0f\u6d1e\u4f1a\u5bfc\u81f4\u7279\u6743\u63d0\u5347\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Xiaomi MIUI\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Xiaomi MIUI 12.5.2"
  },
  "referenceLink": "https://cxsecurity.com/cveshow/CVE-2020-14123/",
  "serverity": "\u9ad8",
  "submitTime": "2022-04-25",
  "title": "Xiaomi MIUI\u6743\u9650\u63d0\u5347\u6f0f\u6d1e"
}

CVE-2020-14123 (GCVE-0-2020-14123)

Vulnerability from cvelistv5

Published

2022-04-22 15:17

Modified

2024-08-04 12:39

Severity ?

CWE

Pointer Double Free Vulnerability

Summary

There is a pointer double free vulnerability in Some MIUI Services. When a function is called, the memory pointer is copied to two function modules, and an attacker can cause the pointer to be repeatedly released through malicious operations, resulting in the affected module crashing and affecting normal functionality, and if successfully exploited the vulnerability can cause elevation of privileges.

References

▼	URL	Tags
	https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=134	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	MIUI	Version: MIUI version 12.5.2

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T12:39:35.902Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=134"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "MIUI",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "MIUI version 12.5.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "There is a pointer double free vulnerability in Some MIUI Services. When a function is called, the memory pointer is copied to two function modules, and an attacker can cause the pointer to be repeatedly released through malicious operations, resulting in the affected module crashing and affecting normal functionality, and if successfully exploited the vulnerability can cause elevation of privileges."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Pointer Double Free Vulnerability",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-04-22T15:17:36",
        "orgId": "b57733aa-7326-4f07-8e09-0be8e0df1909",
        "shortName": "Xiaomi"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=134"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@xiaomi.com",
          "ID": "CVE-2020-14123",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "MIUI",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "MIUI version 12.5.2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "There is a pointer double free vulnerability in Some MIUI Services. When a function is called, the memory pointer is copied to two function modules, and an attacker can cause the pointer to be repeatedly released through malicious operations, resulting in the affected module crashing and affecting normal functionality, and if successfully exploited the vulnerability can cause elevation of privileges."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Pointer Double Free Vulnerability"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=134",
              "refsource": "MISC",
              "url": "https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=134"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b57733aa-7326-4f07-8e09-0be8e0df1909",
    "assignerShortName": "Xiaomi",
    "cveId": "CVE-2020-14123",
    "datePublished": "2022-04-22T15:17:36",
    "dateReserved": "2020-06-15T00:00:00",
    "dateUpdated": "2024-08-04T12:39:35.902Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted