CVE-2020-0110 in Android

Summary

by MITRE

In psi_write of psi.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Product: Android
Versions: Android kernel
Android ID: A-148159562
References: Upstream kernel


Analysis

by VulDB Data Team • 05/15/2020

CVE-2020-0110 is an out-of-bounds write in the psi_write function of the Android kernel's psi.c, caused by insufficient bounds checking. The psi (pressure stall information) interface exposes resource-pressure monitoring from the Linux kernel's cgroup subsystem; its write path, which handles data supplied from user space, does not validate that input properly, so the kernel's memory integrity and its role as the privilege boundary are both affected.

Exploitation consists of writing to the psi interface with data that the handler does not bounds-check, so the write lands beyond the target buffer. Because the corruption happens in kernel memory, it is particularly dangerous: it can be used to reach privileged system resources. The pattern is the familiar buffer-overflow one, where missing input validation lets adjacent memory be overwritten, potentially leading to code execution or privilege escalation.

Operationally, the main risk is local privilege escalation: an unprivileged user or process that can reach the psi write path can use the missing check to gain kernel-level access. No user interaction and no additional execution privileges are required, which matters on Android, where the kernel is the primary boundary between user-space applications and system-critical resources. The implications go beyond the escalation itself, since a kernel write primitive could be used to bypass kernel security mechanisms, modify system files, or establish persistence on the device.

The weakness is classified as CWE-129, which addresses insufficient bounds checking, and maps to ATT&CK technique T1068, exploitation of local privilege escalation vulnerabilities. Affected are the Android kernel versions whose psi.c lacks the validation, in particular devices that rely on cgroup pressure stall information for resource management and performance tracking. The upstream kernel references show that the issue was recognized and fixed in the wider Linux kernel community; similar weaknesses recur in memory management subsystems across kernel implementations.

Mitigation is a proper bounds check in psi_write that validates the input before the buffer is written, so that every write stays within the allocated buffer. System administrators and device manufacturers should apply the kernel updates that carry the upstream fix first, and add runtime monitoring for anomalous memory access patterns that could indicate exploitation attempts. Remediation more broadly means that every kernel interface reachable by a write should validate lengths comprehensively, and security teams should review similar kernel subsystems for analogous flaws in other memory management components.
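As an added illustration of the bug class described in the write-path and mitigation paragraphs above, the following C program is a constructed user-space model written for this page; it is not the Android or upstream psi.c source. It assumes a handler that copies a caller-supplied number of bytes into a fixed 32-byte buffer and NUL-terminates the text at index nbytes-1, with an upper-bound check that misses the zero-length case; the hardened variant adds the missing check. The buffer size, the guard bytes, the sample trigger line and the function names psi_write_vulnerable and psi_write_hardened are all assumptions. To keep the demonstration well-defined outside a kernel, the buffer sits between two guard bytes inside a struct and the terminator store is expressed as an offset into that struct, so the out-of-bounds case clobbers a guard byte instead of undefined stack memory.

```c
/* Constructed user-space model of a fixed-buffer write handler; not the
 * Android or upstream psi.c source. Buffer size, guard bytes, the trigger
 * string and the function names are assumptions made for this example. */
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 32       /* assumed size of the handler's stack buffer */
#define GUARD 0xA5        /* canary value placed on either side of it */

/* Stand-in for the stack frame around the buffer: guard bytes let us
 * observe a write that lands just outside the array. */
struct frame {
    unsigned char guard_before;
    char buf[BUF_SIZE];
    unsigned char guard_after;
};

/* Observable outcome of one simulated write(2) call. */
struct result {
    int ret;               /* 0 on success, negative errno otherwise */
    bool guard_before_ok;  /* false if the byte before buf was clobbered */
    bool guard_after_ok;   /* false if the byte after buf was clobbered */
    char parsed[BUF_SIZE]; /* the NUL-terminated text the handler saw */
};

/* Common write path, mirroring the usual pattern in such handlers:
 * reject oversize input, copy nbytes in, then terminate the string at
 * index nbytes-1 (where a trailing newline normally sits). The terminator
 * store is expressed as a byte offset into the enclosing frame so that the
 * out-of-bounds case stays well-defined here and merely hits a guard byte;
 * in a kernel it would hit whatever precedes the buffer on the stack. */
static int handle_write(struct frame *f, const char *user_buf,
                        size_t nbytes, bool reject_empty)
{
    if (reject_empty && nbytes == 0)
        return -EINVAL;            /* the check the hardened variant adds */
    if (nbytes >= sizeof f->buf)
        return -EINVAL;            /* upper bound, present in both variants */

    memcpy(f->buf, user_buf, nbytes);   /* stands in for copy_from_user() */

    /* With nbytes == 0 this is buf[-1]: one byte before the buffer. */
    size_t term = offsetof(struct frame, buf) + nbytes - 1;
    ((unsigned char *)f)[term] = '\0';
    return 0;
}

static struct result simulate(const char *user_buf, size_t nbytes,
                              bool hardened)
{
    struct frame f = { GUARD, {0}, GUARD };
    struct result r;

    r.ret = handle_write(&f, user_buf, nbytes, hardened);
    r.guard_before_ok = (f.guard_before == GUARD);
    r.guard_after_ok = (f.guard_after == GUARD);
    memcpy(r.parsed, f.buf, sizeof r.parsed);
    return r;
}

/* Variant with only the upper-bound check (the missing-check pattern). */
struct result psi_write_vulnerable(const char *user_buf, size_t nbytes)
{
    return simulate(user_buf, nbytes, false);
}

/* Variant that also rejects zero-length writes. */
struct result psi_write_hardened(const char *user_buf, size_t nbytes)
{
    return simulate(user_buf, nbytes, true);
}

int main(void)
{
    /* Constructed sample line in the "<some|full> <stall us> <window us>" form. */
    const char line[] = "some 150000 1000000\n";
    struct result ok    = psi_write_vulnerable(line, sizeof line - 1);
    struct result bad   = psi_write_vulnerable(line, 0);
    struct result fixed = psi_write_hardened(line, 0);

    printf("normal write:        ret=%d parsed=\"%s\" guards intact=%d/%d\n",
           ok.ret, ok.parsed, ok.guard_before_ok, ok.guard_after_ok);
    printf("zero-length, vuln:   ret=%d guard before buf intact=%d\n",
           bad.ret, bad.guard_before_ok);
    printf("zero-length, fixed:  ret=%d guard before buf intact=%d\n",
           fixed.ret, fixed.guard_before_ok);
    return 0;
}
```

The point of the model is that an upper bound alone is not a bounds check: any handler that derives an index from a caller-controlled length must also validate the lower end of the range before using that index. When reviewing similar write handlers, look for every arithmetic use of the length (nbytes-1, len-2 and the like) and confirm each is reachable only after the length has been shown to make it non-negative and inside the buffer.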
