CVE-2020-11828
Last modified
CVE-2020-11828 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. In ColorOS (the OPPO mobile phone operating system, based on AOSP; code location: frameworks/native, services/surfaceflinger, surfaceflinger.CPP), RGB is defined on the stack but left uninitialized, so when the screenShot function handles the RGB value assignment, the uninitialized value is returned to the attacker. This leaks values from the stack, and attackers can use the vulnerability to bypass ASLR. EPSS estimates a 1.17% chance of exploitation in the next 30 days.
Description
In ColorOS (the OPPO mobile phone operating system, based on AOSP; code location: frameworks/native, services/surfaceflinger, surfaceflinger.CPP), RGB is defined on the stack but left uninitialized, so when the screenShot function handles the RGB value assignment, the uninitialized value is returned to the attacker. This leaks values from the stack, and attackers can use the vulnerability to bypass ASLR.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Oppo | ColorOS | All versions |
References
- https://security.oppo.com/cn/noticedetails.html?noticeId=20201587348300033 (Third Party Advisory)
Timeline
- Published
- Last Modified
- Status
- Modified
Source: NVD / NIST
