Vulnerabilities > CVE-2020-0440 - Missing Authorization vulnerability in Google Android 11.0

047910
CVSS 7.2 - HIGH
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
local
low complexity
google
CWE-862
NVD
Published: 2020-12-14
Updated: 2022-07-12

Summary

In createVirtualDisplay of DisplayManagerService.java, there is a possible way to create a trusted virtual display due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-162627132

Vulnerable Configurations

Part Description Count
OS
Google
1

Common Weakness Enumeration (CWE)

References