cnvd - cnvd-2021-28730

CNVD-2021-28730

Vulnerability from cnvd - Published: 2021-04-16

Title

OPPO ColorOS信息泄露漏洞

Description

OPPO ColorOS是中国OPPO广东移动通信（OPPO）公司的一套基于Android的移动设备操作系统。 OPPO ColorOS中的AOSP frameworks/native code position/services/surfaceflinger surfaceflinger.CPP文件存在信息泄露漏洞。攻击者可利用该漏洞获取有关栈信息的值及绕过ALSR。

Severity

中

Formal description

目前厂商暂未发布修复措施解决此安全问题，建议使用此软件的用户随时关注厂商主页或参考网址以获取解决办法： https://www.oppo.com/

Reference

https://nvd.nist.gov/vuln/detail/CVE-2020-11828

Impacted products

Name
oppo ColorOS

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-11828"
    }
  },
  "description": "OPPO ColorOS\u662f\u4e2d\u56fdOPPO\u5e7f\u4e1c\u79fb\u52a8\u901a\u4fe1\uff08OPPO\uff09\u516c\u53f8\u7684\u4e00\u5957\u57fa\u4e8eAndroid\u7684\u79fb\u52a8\u8bbe\u5907\u64cd\u4f5c\u7cfb\u7edf\u3002\n\nOPPO ColorOS\u4e2d\u7684AOSP frameworks/native code position/services/surfaceflinger surfaceflinger.CPP\u6587\u4ef6\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u6709\u5173\u6808\u4fe1\u606f\u7684\u503c\u53ca\u7ed5\u8fc7ALSR\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u6682\u672a\u53d1\u5e03\u4fee\u590d\u63aa\u65bd\u89e3\u51b3\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u5efa\u8bae\u4f7f\u7528\u6b64\u8f6f\u4ef6\u7684\u7528\u6237\u968f\u65f6\u5173\u6ce8\u5382\u5546\u4e3b\u9875\u6216\u53c2\u8003\u7f51\u5740\u4ee5\u83b7\u53d6\u89e3\u51b3\u529e\u6cd5\uff1a\r\nhttps://www.oppo.com/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2021-28730",
  "openTime": "2021-04-16",
  "products": {
    "product": "oppo ColorOS"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2020-11828",
  "serverity": "\u4e2d",
  "submitTime": "2020-04-22",
  "title": "OPPO ColorOS\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e"
}

CVE-2020-11828 (GCVE-0-2020-11828)

Vulnerability from cvelistv5 – Published: 2020-04-21 13:42 – Updated: 2024-08-04 11:42

Summary

In ColorOS (oppo mobile phone operating system, based on AOSP frameworks/native code position/services/surfaceflinger surfaceflinger.CPP), RGB is defined on the stack but uninitialized, so when the screenShot function to RGB value assignment, will not initialize the value is returned to the attackers, leading to values on the stack information leakage, the vulnerability can be used to bypass attackers ALSR.

Severity ?

No CVSS data available.

CWE

Assigner

OPPO

References

URL

Tags

https://security.oppo.com/cn/noticedetails.html?n…

x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	Oppo	Color OS	Affected: 6 Affected: 7

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T11:42:00.696Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.oppo.com/cn/noticedetails.html?noticeId=20201587348300033"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Color OS",
          "vendor": "Oppo",
          "versions": [
            {
              "status": "affected",
              "version": "6"
            },
            {
              "status": "affected",
              "version": "7"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In ColorOS (oppo mobile phone operating system, based on AOSP frameworks/native code position/services/surfaceflinger surfaceflinger.CPP), RGB is defined on the stack but uninitialized, so when the screenShot function to RGB value assignment, will not initialize the value is returned to the attackers, leading to values on the stack information leakage, the vulnerability can be used to bypass attackers ALSR."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-04-21T13:42:04",
        "orgId": "7f2b1ad8-5432-4d64-91a1-9099af1cc695",
        "shortName": "OPPO"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.oppo.com/cn/noticedetails.html?noticeId=20201587348300033"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@oppo.com",
          "ID": "CVE-2020-11828",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Color OS",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6"
                          },
                          {
                            "version_value": "7"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Oppo"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In ColorOS (oppo mobile phone operating system, based on AOSP frameworks/native code position/services/surfaceflinger surfaceflinger.CPP), RGB is defined on the stack but uninitialized, so when the screenShot function to RGB value assignment, will not initialize the value is returned to the attackers, leading to values on the stack information leakage, the vulnerability can be used to bypass attackers ALSR."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://security.oppo.com/cn/noticedetails.html?noticeId=20201587348300033",
              "refsource": "CONFIRM",
              "url": "https://security.oppo.com/cn/noticedetails.html?noticeId=20201587348300033"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7f2b1ad8-5432-4d64-91a1-9099af1cc695",
    "assignerShortName": "OPPO",
    "cveId": "CVE-2020-11828",
    "datePublished": "2020-04-21T13:42:04",
    "dateReserved": "2020-04-16T00:00:00",
    "dateUpdated": "2024-08-04T11:42:00.696Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2021-28730

CVE-2020-11828 (GCVE-0-2020-11828)

Tags

Sightings

Nomenclature