9.8

CVE-2020-12753

Medienbericht

Exploit

EPSS 6.29%
Veröffentlicht 11.05.2020 16:15:13
Zuletzt bearbeitet 21.11.2024 05:00:12
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 software. Arbitrary code execution can occur via the bootloader because of an EL1/EL3 coldboot vulnerability involving raw_resources. The LG ID is LVE-SMP-200006 (May 2020).

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Google ≫ Android Version7.2

Google ≫ Android Version8.0

Google ≫ Android Version8.1

Google ≫ Android Version9.0

Google ≫ Android Version10.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	6.29%	0.906

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

https://lgsecurity.lge.com/

Vendor Advisory

https://douevenknow.us/post/619763074822520832/an-el1el3-coldboot-vulnerability

Third Party Advisory

Exploit

https://www.zdnet.com/article/new-cold-boot-attack-affects-seven-years-of-lg-android-smartphones/

Third Party Advisory

Press/Media Coverage

https://nvd.nist.gov/vuln/detail/CVE-2020-12753

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-12753

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-12753

EUVD