CVE-2020-11828 - OpenCVE

In ColorOS (oppo mobile phone operating system, based on AOSP frameworks/native code position/services/surfaceflinger surfaceflinger.CPP), RGB is defined on the stack but uninitialized, so when the screenShot function to RGB value assignment, will not initialize the value is returned to the attackers, leading to values on the stack information leakage, the vulnerability can be used to bypass attackers ALSR.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Oppo	Coloros

Configuration 1 [-]

cpe:2.3:o:oppo:coloros:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://security.oppo.com/cn/noticedetails.html?noticeId=20201587348300033

History

No history.

MITRE

Status: PUBLISHED

Assigner: OPPO

Published: 2020-04-21T13:42:04

Updated: 2024-08-04T11:42:00.696Z

Reserved: 2020-04-16T00:00:00

Link: CVE-2020-11828

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2020-04-21T14:15:11.223

Modified: 2021-07-21T11:39:23.747

Link: CVE-2020-11828

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Color OS", "vendor": "Oppo", "versions": [{"status": "affected", "version": "6"}, {"status": "affected", "version": "7"}]}], "descriptions": [{"lang": "en", "value": "In ColorOS (oppo mobile phone operating system, based on AOSP frameworks/native code position/services/surfaceflinger surfaceflinger.CPP), RGB is defined on the stack but uninitialized, so when the screenShot function to RGB value assignment, will not initialize the value is returned to the attackers, leading to values on the stack information leakage, the vulnerability can be used to bypass attackers ALSR."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-04-21T13:42:04", "orgId": "7f2b1ad8-5432-4d64-91a1-9099af1cc695", "shortName": "OPPO"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://security.oppo.com/cn/noticedetails.html?noticeId=20201587348300033"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@oppo.com", "ID": "CVE-2020-11828", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Color OS", "version": {"version_data": [{"version_value": "6"}, {"version_value": "7"}]}}]}, "vendor_name": "Oppo"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In ColorOS (oppo mobile phone operating system, based on AOSP frameworks/native code position/services/surfaceflinger surfaceflinger.CPP), RGB is defined on the stack but uninitialized, so when the screenShot function to RGB value assignment, will not initialize the value is returned to the attackers, leading to values on the stack information leakage, the vulnerability can be used to bypass attackers ALSR."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://security.oppo.com/cn/noticedetails.html?noticeId=20201587348300033", "refsource": "CONFIRM", "url": "https://security.oppo.com/cn/noticedetails.html?noticeId=20201587348300033"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T11:42:00.696Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://security.oppo.com/cn/noticedetails.html?noticeId=20201587348300033"}]}]}, "cveMetadata": {"assignerOrgId": "7f2b1ad8-5432-4d64-91a1-9099af1cc695", "assignerShortName": "OPPO", "cveId": "CVE-2020-11828", "datePublished": "2020-04-21T13:42:04", "dateReserved": "2020-04-16T00:00:00", "dateUpdated": "2024-08-04T11:42:00.696Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:oppo:coloros:-:*:*:*:*:*:*:*", "matchCriteriaId": "364D0530-68D3-4564-8328-B45C4631C253", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In ColorOS (oppo mobile phone operating system, based on AOSP frameworks/native code position/services/surfaceflinger surfaceflinger.CPP), RGB is defined on the stack but uninitialized, so when the screenShot function to RGB value assignment, will not initialize the value is returned to the attackers, leading to values on the stack information leakage, the vulnerability can be used to bypass attackers ALSR."}, {"lang": "es", "value": "En ColorOS (sistema operativo de telefon\u00eda m\u00f3vil oppo, basado en c\u00f3digo surfaceflinger.CPP de position/services/surfaceflinger del frameworks/native de AOSP), RGB es definido en la pila (stack) pero no es inicializado, por eso cuando la funci\u00f3n screenShot en la asignaci\u00f3n del valor de RGB, no inicializar\u00e1 el valor que es devuelto a los atacantes, conllevando a que unos valores en la pila filtren informaci\u00f3n, la vulnerabilidad puede ser usada para omitir la funcionalidad ALSR por los atacantes."}], "id": "CVE-2020-11828", "lastModified": "2021-07-21T11:39:23.747", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-04-21T14:15:11.223", "references": [{"source": "security@oppo.com", "tags": ["Third Party Advisory"], "url": "https://security.oppo.com/cn/noticedetails.html?noticeId=20201587348300033"}], "sourceIdentifier": "security@oppo.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-908"}], "source": "nvd@nist.gov", "type": "Primary"}]}