Vulnerabilities > CVE-2020-11828 - Use of Uninitialized Resource vulnerability in Oppo Coloros

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

oppo

CWE-908

NVD

Published: 2020-04-21

Updated: 2021-07-21

Summary

In ColorOS (oppo mobile phone operating system, based on AOSP frameworks/native code position/services/surfaceflinger surfaceflinger.CPP), RGB is defined on the stack but uninitialized, so when the screenShot function to RGB value assignment, will not initialize the value is returned to the attackers, leading to values on the stack information leakage, the vulnerability can be used to bypass attackers ALSR.

Vulnerable Configurations

Part	Description	Count
OS	Oppo Oppo Coloros -	1

Common Weakness Enumeration (CWE)

CWE-908 - Use of Uninitialized Resource

References

https://security.oppo.com/cn/noticedetails.html?noticeId=20201587348300033