CVE-2020-11828

Published: Apr 21, 2020

Modified: Aug 4, 2024

PUBLISHED

Description

In ColorOS (oppo mobile phone operating system, based on AOSP frameworks/native code position/services/surfaceflinger surfaceflinger.CPP), RGB is defined on the stack but uninitialized, so when the screenShot function to RGB value assignment, will not initialize the value is returned to the attackers, leading to values on the stack information leakage, the vulnerability can be used to bypass attackers ALSR.

Vendor	Product	Versions
Oppo	Color OS	affected `6` affected `7`

References

https://security.oppo.com/cn/noticedetails.html?noticeId=20201587348300033

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2020-11828

Description

Affected Products

References