CVE-2020-0407

EPSS 0.01%
Veröffentlicht 17.09.2020 16:15:14
Zuletzt bearbeitet 21.11.2024 04:53:27
Quelle security@android.com
CVE-Watchlists
Login
Unerledigt
Login

In various functions in fscrypt_ice.c and related files in some implementations of f2fs encryption that use encryption hardware which only supports 32-bit IVs (Initialization Vectors), 64-bit IVs are used and later are truncated to 32 bits. This may cause IV reuse and thus weakened disk encryption. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-153450752References: N/A

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Google ≫ Android Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.01%	0.005

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.4	0.8	3.6	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	2.1	3.9	2.9	AV:L/AC:L/Au:N/C:P/I:N/A:N

CWE-330 Use of Insufficiently Random Values

The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.

https://source.android.com/security/bulletin/2020-09-01

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2020-0407

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-0407

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-0407

EUVD