{"id":"ASB-A-161812320","details":"In the AIBinder_Class constructor of ibinder.cpp, there is a possible arbitrary code execution due to uninitialized data. This could lead to local escalation of privilege if a process were using libbinder_ndk in a vulnerable way with no additional execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-161812320","CVE-2020-0438"],"modified":"2026-04-21T15:25:42.831358Z","published":"2020-11-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2020-11-01"},{"type":"FIX","url":"https://android.googlesource.com/platform/frameworks/native/+/10b19f86d9d8bec6f47f31449593711479f336a5"}],"affected":[{"package":{"name":"platform/frameworks/native","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"11-next:0"},{"fixed":"11-next:2020-11-01"}]}],"versions":["11-next"],"ecosystem_specific":{"severity":"High","fixes":["https://android.googlesource.com/platform/frameworks/native/+/882340762039c330283736187020f41334b60f05"],"types":["EoP"],"spl":"2020-11-01","vanir_signatures":[{"id":"ASB-A-161812320-03e75a9b","target":{"file":"libs/binder/ndk/tests/libbinder_ndk_unit_test.cpp"},"digest":{"line_hashes":["166853182971095957477295542990318855226","2714496182692667837940115498659040009","127929062338231145922199514350132922165"],"threshold":0.9},"source":"https://android.googlesource.com/platform/frameworks/native/+/882340762039c330283736187020f41334b60f05","deprecated":false,"signature_version":"v1","signature_type":"Line"},{"id":"ASB-A-161812320-17a8061e","target":{"function":"ABBinder::onTransact","file":"libs/binder/ndk/ibinder.cpp"},"digest":{"function_hash":"6692660950372729705060540801180559721","length":1507},"source":"https://android.googlesource.com/platform/frameworks/native/+/882340762039c330283736187020f41334b60f05","deprecated":false,"signature_version":"v1","signature_type":"Function"},{"id":"ASB-A-161812320-1c31474a","target":{"file":"libs/binder/ndk/ibinder_internal.h"},"digest":{"line_hashes":["13922026013675028407001722743555010547","237617003093890210114359234712291170391","219405424050546884940338494511715324280","119566248312543600779338226999319230832","182581632736243370490049382777622835574","236572504900660911225729334021913050525","301431736978975864467937568986792238562","218907331790811812538155140498544355941"],"threshold":0.9},"source":"https://android.googlesource.com/platform/frameworks/native/+/882340762039c330283736187020f41334b60f05","deprecated":false,"signature_version":"v1","signature_type":"Line"},{"id":"ASB-A-161812320-1caada43","target":{"function":"IFoo::addService","file":"libs/binder/ndk/tests/iface.cpp"},"digest":{"function_hash":"24222033419103900466493647316503210414","length":432},"source":"https://android.googlesource.com/platform/frameworks/native/+/882340762039c330283736187020f41334b60f05","deprecated":false,"signature_version":"v1","signature_type":"Function"},{"id":"ASB-A-161812320-4870102c","target":{"file":"libs/binder/ndk/ibinder.cpp"},"digest":{"line_hashes":["337953460655781670954193138801848487872","129737973091506341549555497449437046760","166341565519246474420017384019488169919","43085590477963808790312978891684483105"],"threshold":0.9},"source":"https://android.googlesource.com/platform/frameworks/native/+/882340762039c330283736187020f41334b60f05","deprecated":false,"signature_version":"v1","signature_type":"Line"},{"id":"ASB-A-161812320-732099de","target":{"file":"libs/binder/ndk/tests/include/iface/iface.h"},"digest":{"line_hashes":["166846193524674178006558397101840566531","190330214196064866872130790560553921089","126345581594453208055667319110442750718"],"threshold":0.9},"source":"https://android.googlesource.com/platform/frameworks/native/+/882340762039c330283736187020f41334b60f05","deprecated":false,"signature_version":"v1","signature_type":"Line"},{"id":"ASB-A-161812320-fd963a39","target":{"file":"libs/binder/ndk/tests/iface.cpp"},"digest":{"line_hashes":["315785499823683027533714458595445267303","186193274819663599976554617998107598682","75193321492464836734796987614755455116","160750622868819087105985984949384490650","116552410365698554304017692825057346924","142696787752292026367259100555575150769","58627899538112562548751526190996095836","83498136934319160209930637927120875644","59564831642801405582725424701065084564"],"threshold":0.9},"source":"https://android.googlesource.com/platform/frameworks/native/+/882340762039c330283736187020f41334b60f05","deprecated":false,"signature_version":"v1","signature_type":"Line"}]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-161812320.json"}},{"package":{"name":"platform/frameworks/native","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"10:0"},{"fixed":"10:2020-11-01"}]}],"versions":["10"],"ecosystem_specific":{"severity":"High","fixes":["https://android.googlesource.com/platform/frameworks/native/+/8d49c3fbae160936ac44a1213e53e6cf617ee867"],"types":["EoP"],"spl":"2020-11-01","vanir_signatures":[{"id":"ASB-A-161812320-3cb98a16","target":{"file":"libs/binder/ndk/ibinder_internal.h"},"digest":{"line_hashes":["13922026013675028407001722743555010547","237617003093890210114359234712291170391","219405424050546884940338494511715324280","119566248312543600779338226999319230832","187701804535008349201468938291727747670","105129803371113960669159704341731600041","220404689486226927036787968493060335824"],"threshold":0.9},"source":"https://android.googlesource.com/platform/frameworks/native/+/8d49c3fbae160936ac44a1213e53e6cf617ee867","deprecated":false,"signature_version":"v1","signature_type":"Line"},{"id":"ASB-A-161812320-6dcb8bac","target":{"file":"libs/binder/ndk/test/include/iface/iface.h"},"digest":{"line_hashes":["166846193524674178006558397101840566531","190330214196064866872130790560553921089","126345581594453208055667319110442750718"],"threshold":0.9},"source":"https://android.googlesource.com/platform/frameworks/native/+/8d49c3fbae160936ac44a1213e53e6cf617ee867","deprecated":false,"signature_version":"v1","signature_type":"Line"},{"id":"ASB-A-161812320-aacb7cfb","target":{"file":"libs/binder/ndk/test/iface.cpp"},"digest":{"line_hashes":["315785499823683027533714458595445267303","186193274819663599976554617998107598682","75193321492464836734796987614755455116","160750622868819087105985984949384490650","116552410365698554304017692825057346924","142696787752292026367259100555575150769","58627899538112562548751526190996095836","83498136934319160209930637927120875644","59564831642801405582725424701065084564"],"threshold":0.9},"source":"https://android.googlesource.com/platform/frameworks/native/+/8d49c3fbae160936ac44a1213e53e6cf617ee867","deprecated":false,"signature_version":"v1","signature_type":"Line"},{"id":"ASB-A-161812320-bbe0b51f","target":{"function":"IFoo::addService","file":"libs/binder/ndk/test/iface.cpp"},"digest":{"function_hash":"24222033419103900466493647316503210414","length":432},"source":"https://android.googlesource.com/platform/frameworks/native/+/8d49c3fbae160936ac44a1213e53e6cf617ee867","deprecated":false,"signature_version":"v1","signature_type":"Function"},{"id":"ASB-A-161812320-f8281d3d","target":{"file":"libs/binder/ndk/test/main_client.cpp"},"digest":{"line_hashes":["166853182971095957477295542990318855226","2714496182692667837940115498659040009","127929062338231145922199514350132922165"],"threshold":0.9},"source":"https://android.googlesource.com/platform/frameworks/native/+/8d49c3fbae160936ac44a1213e53e6cf617ee867","deprecated":false,"signature_version":"v1","signature_type":"Line"}]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-161812320.json"}},{"package":{"name":"platform/frameworks/native","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"11:0"},{"fixed":"11:2020-11-01"}]}],"versions":["11"],"ecosystem_specific":{"severity":"High","fixes":["https://android.googlesource.com/platform/frameworks/native/+/deb5346761308d9cda3a249283a482a1ce08549e"],"types":["EoP"],"spl":"2020-11-01","vanir_signatures":[{"id":"ASB-A-161812320-2ade344f","target":{"function":"IFoo::addService","file":"libs/binder/ndk/test/iface.cpp"},"digest":{"function_hash":"24222033419103900466493647316503210414","length":432},"source":"https://android.googlesource.com/platform/frameworks/native/+/deb5346761308d9cda3a249283a482a1ce08549e","deprecated":false,"signature_version":"v1","signature_type":"Function"},{"id":"ASB-A-161812320-35296a65","target":{"file":"libs/binder/ndk/test/include/iface/iface.h"},"digest":{"line_hashes":["166846193524674178006558397101840566531","190330214196064866872130790560553921089","126345581594453208055667319110442750718"],"threshold":0.9},"source":"https://android.googlesource.com/platform/frameworks/native/+/deb5346761308d9cda3a249283a482a1ce08549e","deprecated":false,"signature_version":"v1","signature_type":"Line"},{"id":"ASB-A-161812320-67d3a80b","target":{"function":"ABBinder::onTransact","file":"libs/binder/ndk/ibinder.cpp"},"digest":{"function_hash":"6692660950372729705060540801180559721","length":1507},"source":"https://android.googlesource.com/platform/frameworks/native/+/deb5346761308d9cda3a249283a482a1ce08549e","deprecated":false,"signature_version":"v1","signature_type":"Function"},{"id":"ASB-A-161812320-ad2df558","target":{"file":"libs/binder/ndk/ibinder_internal.h"},"digest":{"line_hashes":["13922026013675028407001722743555010547","237617003093890210114359234712291170391","219405424050546884940338494511715324280","119566248312543600779338226999319230832","182581632736243370490049382777622835574","236572504900660911225729334021913050525","301431736978975864467937568986792238562","218907331790811812538155140498544355941"],"threshold":0.9},"source":"https://android.googlesource.com/platform/frameworks/native/+/deb5346761308d9cda3a249283a482a1ce08549e","deprecated":false,"signature_version":"v1","signature_type":"Line"},{"id":"ASB-A-161812320-b9e2be20","target":{"file":"libs/binder/ndk/ibinder.cpp"},"digest":{"line_hashes":["337953460655781670954193138801848487872","129737973091506341549555497449437046760","166341565519246474420017384019488169919","43085590477963808790312978891684483105"],"threshold":0.9},"source":"https://android.googlesource.com/platform/frameworks/native/+/deb5346761308d9cda3a249283a482a1ce08549e","deprecated":false,"signature_version":"v1","signature_type":"Line"},{"id":"ASB-A-161812320-ee0f9107","target":{"file":"libs/binder/ndk/test/libbinder_ndk_unit_test.cpp"},"digest":{"line_hashes":["166853182971095957477295542990318855226","2714496182692667837940115498659040009","127929062338231145922199514350132922165"],"threshold":0.9},"source":"https://android.googlesource.com/platform/frameworks/native/+/deb5346761308d9cda3a249283a482a1ce08549e","deprecated":false,"signature_version":"v1","signature_type":"Line"},{"id":"ASB-A-161812320-ff6d4ddd","target":{"file":"libs/binder/ndk/test/iface.cpp"},"digest":{"line_hashes":["315785499823683027533714458595445267303","186193274819663599976554617998107598682","75193321492464836734796987614755455116","160750622868819087105985984949384490650","116552410365698554304017692825057346924","142696787752292026367259100555575150769","58627899538112562548751526190996095836","83498136934319160209930637927120875644","59564831642801405582725424701065084564"],"threshold":0.9},"source":"https://android.googlesource.com/platform/frameworks/native/+/deb5346761308d9cda3a249283a482a1ce08549e","deprecated":false,"signature_version":"v1","signature_type":"Line"}]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-161812320.json"}}],"schema_version":"1.7.5"}