Buffer overflow in Google Android
CVE-2020-28343
An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) (Exynos 980, 9820, and 9830 chipsets) software. The NPU driver allows attackers to execute arbitrary code because of unintended write and read operations on memory…
Vulnerability class: Buffer Overflow
EPSS: 0.002 (14.9th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 7.8 (High). Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.
Affected products
- Google Android — versions 9.0, 10.0
- Samsung Exynos_980
- Samsung Exynos_9820
- Samsung Exynos_9830
- N/a — versions n/a
Weakness classification (CWE)
Public proof-of-concept exploits
- ARPSyndicate/cvemon
- kdn111/linux-kernel-exploitation
- khanhdn111/linux-kernel-exploitation
- khanhdz-06/linux-kernel-exploitation
- khanhdz191/linux-kernel-exploitation
- khanhhdz/linux-kernel-exploitation
- khanhhdz06/linux-kernel-exploitation
- khanhnd123/linux-kernel-exploitation
- khnhdz/linux-kernel-exploitation
- knd06/linux-kernel-exploitation
References
- cve@mitre.org (x_refsource_MISC, Vendor Advisory)
Frequently asked questions
- What is CVE-2020-28343?
- CVE-2020-28343 is a high-severity vulnerability in Google Android, classified under Out-of-bounds Write. CVSS score: 7.8/10. Published 2020-11-08.
- How severe is CVE-2020-28343?
- High severity. CVSS v3 base score is 7.8 out of 10.
- Is CVE-2020-28343 known to be exploited?
- 15 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.