{"id":"ASB-A-156123285", "published":"2020-09-01T00:00:00Z", "modified":"2026-06-17T15:23:34.405473849Z", "aliases":["CVE-2020-0388", "A-156123285"], "details":"In createEmergencyLocationUserNotification of GnssVisibilityControl.java, there is a possible permissions bypass due to an empty mutable PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.", "affected":[{"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"10:0"}, {"fixed":"10:2020-09-01"}]}], "versions":["10"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/6967df740495b9b2b7a6bc357e656efa5390e050"], "severity":"High", "spl":"2020-09-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["256344392036311097711604487242339670875", "274057428375888562584514121329737596111", "145652496039882957379333952445927871354", "97688537567720862757721685389724416698", "309995359751551295309347655795310159722", "277424418945787746687653911383464672150", "195688365078966035571348089285859865348", "10781820767013119213797397001269340647"], "threshold":0.9}, "id":"ASB-A-156123285-13ae36f5", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/6967df740495b9b2b7a6bc357e656efa5390e050", "target":{"file":"services/core/java/com/android/server/location/GnssVisibilityControl.java"}}, {"deprecated":false, "digest":{"function_hash":"291218029368438934464636682503493167444", "length":713}, "id":"ASB-A-156123285-c2635537", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/6967df740495b9b2b7a6bc357e656efa5390e050", "target":{"file":"services/core/java/com/android/server/location/GnssVisibilityControl.java", "function":"createEmergencyLocationUserNotification"}}]}}], "references":[{"type":"ADVISORY", "url":"https://source.android.com/security/bulletin/2020-09-01"}, {"type":"FIX", "url":"https://android.googlesource.com/platform/frameworks/base/+/6967df740495b9b2b7a6bc357e656efa5390e050"}]}