Incomplete Cleanup in SpecializeCommon of com_android_internal_os_Zygote.cpp Allows Local Privilege Escalation in Android-10

CVE-2020-0257 · HIGH Severity

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

In SpecializeCommon of com_android_internal_os_Zygote.cpp, there is a permissions bypass due to an incomplete cleanup. This could lead to local escalation of privilege in isolated processes with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-156741968

Learn more about our Cis Benchmark Audit For Google Android.