{"id":"ASB-A-156997193","details":"In create of FileMap.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-156997193","CVE-2020-0409"],"modified":"2026-04-24T15:37:38.793646Z","published":"2020-11-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2020-11-01"},{"type":"FIX","url":"https://android.googlesource.com/platform/system/core/+/bff51b88aaf96279c58edb812be0bda2fcaf4967"}],"affected":[{"package":{"name":"platform/system/core","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"11-next:0"},{"fixed":"11-next:2020-11-01"}]}],"versions":["11-next"],"ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/system/core/+/bff51b88aaf96279c58edb812be0bda2fcaf4967","https://android.googlesource.com/platform/system/core/+/54794ac613d50bf4072174476f60527e2b0b4cdf"],"severity":"High","vanir_signatures":[{"target":{"file":"libutils/FileMap.cpp"},"digest":{"threshold":0.9,"line_hashes":["91327058474968093524218913428440684431","283635400407027686436634616897858012320","295926172014320351044002759299570640346","170004386622017188571956807408405133614"]},"signature_type":"Line","deprecated":false,"signature_version":"v1","id":"ASB-A-156997193-8092ba1b","source":"https://android.googlesource.com/platform/system/core/+/bff51b88aaf96279c58edb812be0bda2fcaf4967"},{"target":{"file":"libutils/FileMap.cpp","function":"FileMap::create"},"digest":{"function_hash":"303740755719554007347935742324030440442","length":2006},"signature_type":"Function","deprecated":false,"signature_version":"v1","id":"ASB-A-156997193-c88c4f9e","source":"https://android.googlesource.com/platform/system/core/+/bff51b88aaf96279c58edb812be0bda2fcaf4967"},{"target":{"file":"libutils/FileMap.cpp"},"digest":{"threshold":0.9,"line_hashes":["275358842454213562963598485301373303773","236575377719150355451088222840875456584","34999987004009085816746985289991487896","181128264519813211803606298817932475029","296529281982132029984316337080038405735","47536793616554775753487568224015563717","213767229193664386554322731371826328562","258849291900984273852023809079006558820","323425551243113496830608628755141189612","6874040466930922682761985680036394102","121460898419937120682075403121597197109","289728551360487268008585474856748105106","121182242367033105589337314129271103997","221775964729662280451941403317801755150","197704582121186397161464248283211658209","247300739514161794399061483391242605618","89879066079523204445966260830958587248","233815001187899535722972412020095193448","165749523362130073929307081957063587767","252156529686827500034475126586805254792","208412259794513319075530967832044426533","281020868416559072448865777846478546849"]},"signature_type":"Line","deprecated":false,"signature_version":"v1","id":"ASB-A-156997193-d29d831b","source":"https://android.googlesource.com/platform/system/core/+/54794ac613d50bf4072174476f60527e2b0b4cdf"},{"target":{"file":"libutils/FileMap.cpp","function":"FileMap::create"},"digest":{"function_hash":"261611924611209571230329236832720970558","length":2151},"signature_type":"Function","deprecated":false,"signature_version":"v1","id":"ASB-A-156997193-deb0052c","source":"https://android.googlesource.com/platform/system/core/+/54794ac613d50bf4072174476f60527e2b0b4cdf"}],"spl":"2020-11-01","types":["EoP"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-156997193.json"}},{"package":{"name":"platform/system/core","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"8.0:0"},{"fixed":"8.0:2020-11-01"}]}],"versions":["8.0"],"ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/system/core/+/4d14303653247da3922242796ab6d63123fbd004","https://android.googlesource.com/platform/system/core/+/54794ac613d50bf4072174476f60527e2b0b4cdf"],"severity":"High","vanir_signatures":[{"target":{"file":"libutils/FileMap.cpp","function":"FileMap::create"},"digest":{"function_hash":"182082587529492012534805707834854601999","length":2000},"signature_type":"Function","deprecated":false,"signature_version":"v1","id":"ASB-A-156997193-29ee82ab","source":"https://android.googlesource.com/platform/system/core/+/4d14303653247da3922242796ab6d63123fbd004"},{"target":{"file":"libutils/FileMap.cpp"},"digest":{"threshold":0.9,"line_hashes":["6874040466930922682761985680036394102","309769698395510642244591578088847990994","168336261518310196964879749823756115293","233840836003916188431905245736651982800"]},"signature_type":"Line","deprecated":false,"signature_version":"v1","id":"ASB-A-156997193-329a012c","source":"https://android.googlesource.com/platform/system/core/+/4d14303653247da3922242796ab6d63123fbd004"},{"target":{"file":"libutils/FileMap.cpp","function":"FileMap::create"},"digest":{"function_hash":"261611924611209571230329236832720970558","length":2151},"signature_type":"Function","deprecated":false,"signature_version":"v1","id":"ASB-A-156997193-d2c10be6","source":"https://android.googlesource.com/platform/system/core/+/54794ac613d50bf4072174476f60527e2b0b4cdf"},{"target":{"file":"libutils/FileMap.cpp"},"digest":{"threshold":0.9,"line_hashes":["275358842454213562963598485301373303773","236575377719150355451088222840875456584","34999987004009085816746985289991487896","181128264519813211803606298817932475029","296529281982132029984316337080038405735","47536793616554775753487568224015563717","213767229193664386554322731371826328562","258849291900984273852023809079006558820","323425551243113496830608628755141189612","6874040466930922682761985680036394102","121460898419937120682075403121597197109","289728551360487268008585474856748105106","121182242367033105589337314129271103997","221775964729662280451941403317801755150","197704582121186397161464248283211658209","247300739514161794399061483391242605618","89879066079523204445966260830958587248","233815001187899535722972412020095193448","165749523362130073929307081957063587767","252156529686827500034475126586805254792","208412259794513319075530967832044426533","281020868416559072448865777846478546849"]},"signature_type":"Line","deprecated":false,"signature_version":"v1","id":"ASB-A-156997193-ffeb1b48","source":"https://android.googlesource.com/platform/system/core/+/54794ac613d50bf4072174476f60527e2b0b4cdf"}],"spl":"2020-11-01","types":["EoP"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-156997193.json"}},{"package":{"name":"platform/system/core","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"8.1:0"},{"fixed":"8.1:2020-11-01"}]}],"versions":["8.1"],"ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/system/core/+/4d14303653247da3922242796ab6d63123fbd004","https://android.googlesource.com/platform/system/core/+/54794ac613d50bf4072174476f60527e2b0b4cdf"],"severity":"High","vanir_signatures":[{"target":{"file":"libutils/FileMap.cpp"},"digest":{"threshold":0.9,"line_hashes":["6874040466930922682761985680036394102","309769698395510642244591578088847990994","168336261518310196964879749823756115293","233840836003916188431905245736651982800"]},"signature_type":"Line","deprecated":false,"signature_version":"v1","id":"ASB-A-156997193-007857a6","source":"https://android.googlesource.com/platform/system/core/+/4d14303653247da3922242796ab6d63123fbd004"},{"target":{"file":"libutils/FileMap.cpp","function":"FileMap::create"},"digest":{"function_hash":"182082587529492012534805707834854601999","length":2000},"signature_type":"Function","deprecated":false,"signature_version":"v1","id":"ASB-A-156997193-6507bebf","source":"https://android.googlesource.com/platform/system/core/+/4d14303653247da3922242796ab6d63123fbd004"},{"target":{"file":"libutils/FileMap.cpp"},"digest":{"threshold":0.9,"line_hashes":["275358842454213562963598485301373303773","236575377719150355451088222840875456584","34999987004009085816746985289991487896","181128264519813211803606298817932475029","296529281982132029984316337080038405735","47536793616554775753487568224015563717","213767229193664386554322731371826328562","258849291900984273852023809079006558820","323425551243113496830608628755141189612","6874040466930922682761985680036394102","121460898419937120682075403121597197109","289728551360487268008585474856748105106","121182242367033105589337314129271103997","221775964729662280451941403317801755150","197704582121186397161464248283211658209","247300739514161794399061483391242605618","89879066079523204445966260830958587248","233815001187899535722972412020095193448","165749523362130073929307081957063587767","252156529686827500034475126586805254792","208412259794513319075530967832044426533","281020868416559072448865777846478546849"]},"signature_type":"Line","deprecated":false,"signature_version":"v1","id":"ASB-A-156997193-82443891","source":"https://android.googlesource.com/platform/system/core/+/54794ac613d50bf4072174476f60527e2b0b4cdf"},{"target":{"file":"libutils/FileMap.cpp","function":"FileMap::create"},"digest":{"function_hash":"261611924611209571230329236832720970558","length":2151},"signature_type":"Function","deprecated":false,"signature_version":"v1","id":"ASB-A-156997193-8e2f5aa8","source":"https://android.googlesource.com/platform/system/core/+/54794ac613d50bf4072174476f60527e2b0b4cdf"}],"spl":"2020-11-01","types":["EoP"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-156997193.json"}},{"package":{"name":"platform/system/core","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"9:0"},{"fixed":"9:2020-11-01"}]}],"versions":["9"],"ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/system/core/+/4d14303653247da3922242796ab6d63123fbd004","https://android.googlesource.com/platform/system/core/+/54794ac613d50bf4072174476f60527e2b0b4cdf"],"severity":"High","vanir_signatures":[{"target":{"file":"libutils/FileMap.cpp","function":"FileMap::create"},"digest":{"function_hash":"182082587529492012534805707834854601999","length":2000},"signature_type":"Function","deprecated":false,"signature_version":"v1","id":"ASB-A-156997193-3323421c","source":"https://android.googlesource.com/platform/system/core/+/4d14303653247da3922242796ab6d63123fbd004"},{"target":{"file":"libutils/FileMap.cpp","function":"FileMap::create"},"digest":{"function_hash":"261611924611209571230329236832720970558","length":2151},"signature_type":"Function","deprecated":false,"signature_version":"v1","id":"ASB-A-156997193-c0f94f24","source":"https://android.googlesource.com/platform/system/core/+/54794ac613d50bf4072174476f60527e2b0b4cdf"},{"target":{"file":"libutils/FileMap.cpp"},"digest":{"threshold":0.9,"line_hashes":["275358842454213562963598485301373303773","236575377719150355451088222840875456584","34999987004009085816746985289991487896","181128264519813211803606298817932475029","296529281982132029984316337080038405735","47536793616554775753487568224015563717","213767229193664386554322731371826328562","258849291900984273852023809079006558820","323425551243113496830608628755141189612","6874040466930922682761985680036394102","121460898419937120682075403121597197109","289728551360487268008585474856748105106","121182242367033105589337314129271103997","221775964729662280451941403317801755150","197704582121186397161464248283211658209","247300739514161794399061483391242605618","89879066079523204445966260830958587248","233815001187899535722972412020095193448","165749523362130073929307081957063587767","252156529686827500034475126586805254792","208412259794513319075530967832044426533","281020868416559072448865777846478546849"]},"signature_type":"Line","deprecated":false,"signature_version":"v1","id":"ASB-A-156997193-e208c315","source":"https://android.googlesource.com/platform/system/core/+/54794ac613d50bf4072174476f60527e2b0b4cdf"},{"target":{"file":"libutils/FileMap.cpp"},"digest":{"threshold":0.9,"line_hashes":["6874040466930922682761985680036394102","309769698395510642244591578088847990994","168336261518310196964879749823756115293","233840836003916188431905245736651982800"]},"signature_type":"Line","deprecated":false,"signature_version":"v1","id":"ASB-A-156997193-f3b3d6da","source":"https://android.googlesource.com/platform/system/core/+/4d14303653247da3922242796ab6d63123fbd004"}],"spl":"2020-11-01","types":["EoP"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-156997193.json"}},{"package":{"name":"platform/system/core","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"10:0"},{"fixed":"10:2020-11-01"}]}],"versions":["10"],"ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/system/core/+/f846413e621d7245d8e78f04349a6a93d2bbbea4"],"severity":"High","vanir_signatures":[{"target":{"file":"libutils/FileMap.cpp","function":"FileMap::create"},"digest":{"function_hash":"215522566870770909378502756101521643066","length":2004},"signature_type":"Function","deprecated":false,"signature_version":"v1","id":"ASB-A-156997193-6e0617ae","source":"https://android.googlesource.com/platform/system/core/+/f846413e621d7245d8e78f04349a6a93d2bbbea4"},{"target":{"file":"libutils/FileMap.cpp"},"digest":{"threshold":0.9,"line_hashes":["91327058474968093524218913428440684431","283635400407027686436634616897858012320","295926172014320351044002759299570640346","170004386622017188571956807408405133614"]},"signature_type":"Line","deprecated":false,"signature_version":"v1","id":"ASB-A-156997193-c714a7b1","source":"https://android.googlesource.com/platform/system/core/+/f846413e621d7245d8e78f04349a6a93d2bbbea4"}],"spl":"2020-11-01","types":["EoP"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-156997193.json"}}],"schema_version":"1.7.5"}