Vulnerabilities > CVE-2020-11834 - Out-of-bounds Write vulnerability in Oppo Find X2 PRO Firmware and Reno3 PRO Firmware

CVSS 5.5 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

local

low complexity

oppo

CWE-787

NVD

Published: 2020-12-31

Updated: 2021-01-06

Summary

In /SM8250_Q_Master/android/vendor/oppo_charger/oppo/oppo_vooc.c, the function proc_fastchg_fw_update_write in proc_fastchg_fw_update_write does not check the parameter len, resulting in a vulnerability.

Vulnerable Configurations

Part	Description	Count
OS	Oppo Oppo Reno3 PRO Firmware - Oppo Find X2 PRO Firmware -	2
Hardware	Oppo Oppo Reno3 PRO - Oppo Find X2 PRO -	2

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

References

https://security.oppo.com/en/noticedetails.html?noticeId=NOTICE-1333235676610830336