CVE-2020-0041
Published: 10 March 2020
Summary
CVE-2020-0041 is a high-severity Improper Input Validation (CWE-20) vulnerability in Google Android. Its CVSS base score is 7.8 (High).
Operationally, it ranks in the top 3.9% of CVEs by exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Deeper analysis
The vulnerability CVE-2020-0041 is an out-of-bounds write in the binder_transaction function of binder.c, caused by an incorrect bounds check. It affects the Android kernel, carries Android ID A-145988638, and is referenced against the upstream kernel. The flaw is classified as CWE-20 and carries a CVSS 3.1 base score of 7.8.
A local attacker with existing process privileges can exploit the issue without additional execution rights or user interaction, resulting in escalation of privilege that affects confidentiality, integrity, and availability.
The March 2020 Android security bulletin documents the issue and associated patches, while the CISA known exploited vulnerabilities catalog confirms its presence in real-world attack activity.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2020-1548
Vulnerability details
In binder_transaction of binder.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Product: Android
Versions: Android kernel
Android ID: A-145988638
References: Upstream kernel
- CWE(s): CWE-20
- KEV Date Added: 03 November 2021
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls (NIST 800-53 r5)
- SI-10 (Information Input Validation): Directly counters the root cause, an incorrect bounds check in binder_transaction, by enforcing validation of all input sizes before memory operations.
- SI-16 (Memory Protection): Applies memory-protection mechanisms that block or contain the out-of-bounds write primitive used for local privilege escalation.
- Enforces process/kernel isolation boundaries so that a compromised binder transaction cannot freely escalate privileges across security domains.