{"id":"ASB-A-156997193", "published":"2020-11-01T00:00:00Z", "modified":"2026-04-29T15:10:00.007170452Z", "aliases":["CVE-2020-0409", "A-156997193"], "details":"In create of FileMap.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.", "affected":[{"package":{"name":"platform/system/core", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"11-next:0"}, {"fixed":"11-next:2020-11-01"}]}], "versions":["11-next"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/system/core/+/bff51b88aaf96279c58edb812be0bda2fcaf4967", "https://android.googlesource.com/platform/system/core/+/54794ac613d50bf4072174476f60527e2b0b4cdf"], "severity":"High", "spl":"2020-11-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["91327058474968093524218913428440684431", "283635400407027686436634616897858012320", "295926172014320351044002759299570640346", "170004386622017188571956807408405133614"], "threshold":0.9}, "id":"ASB-A-156997193-8092ba1b", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/core/+/bff51b88aaf96279c58edb812be0bda2fcaf4967", "target":{"file":"libutils/FileMap.cpp"}}, {"deprecated":false, "digest":{"function_hash":"303740755719554007347935742324030440442", "length":2006}, "id":"ASB-A-156997193-c88c4f9e", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/core/+/bff51b88aaf96279c58edb812be0bda2fcaf4967", "target":{"file":"libutils/FileMap.cpp", "function":"FileMap::create"}}, {"deprecated":false, "digest":{"line_hashes":["275358842454213562963598485301373303773", "236575377719150355451088222840875456584", "34999987004009085816746985289991487896", "181128264519813211803606298817932475029", "296529281982132029984316337080038405735", "47536793616554775753487568224015563717", "213767229193664386554322731371826328562", "258849291900984273852023809079006558820", "323425551243113496830608628755141189612", "6874040466930922682761985680036394102", "121460898419937120682075403121597197109", "289728551360487268008585474856748105106", "121182242367033105589337314129271103997", "221775964729662280451941403317801755150", "197704582121186397161464248283211658209", "247300739514161794399061483391242605618", "89879066079523204445966260830958587248", "233815001187899535722972412020095193448", "165749523362130073929307081957063587767", "252156529686827500034475126586805254792", "208412259794513319075530967832044426533", "281020868416559072448865777846478546849"], "threshold":0.9}, "id":"ASB-A-156997193-d29d831b", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/core/+/54794ac613d50bf4072174476f60527e2b0b4cdf", "target":{"file":"libutils/FileMap.cpp"}}, {"deprecated":false, "digest":{"function_hash":"261611924611209571230329236832720970558", "length":2151}, "id":"ASB-A-156997193-deb0052c", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/core/+/54794ac613d50bf4072174476f60527e2b0b4cdf", "target":{"file":"libutils/FileMap.cpp", "function":"FileMap::create"}}]}}, {"package":{"name":"platform/system/core", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"8.0:0"}, {"fixed":"8.0:2020-11-01"}]}], "versions":["8.0"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/system/core/+/4d14303653247da3922242796ab6d63123fbd004", "https://android.googlesource.com/platform/system/core/+/54794ac613d50bf4072174476f60527e2b0b4cdf"], "severity":"High", "spl":"2020-11-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"182082587529492012534805707834854601999", "length":2000}, "id":"ASB-A-156997193-29ee82ab", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/core/+/4d14303653247da3922242796ab6d63123fbd004", "target":{"file":"libutils/FileMap.cpp", "function":"FileMap::create"}}, {"deprecated":false, "digest":{"line_hashes":["6874040466930922682761985680036394102", "309769698395510642244591578088847990994", "168336261518310196964879749823756115293", "233840836003916188431905245736651982800"], "threshold":0.9}, "id":"ASB-A-156997193-329a012c", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/core/+/4d14303653247da3922242796ab6d63123fbd004", "target":{"file":"libutils/FileMap.cpp"}}, {"deprecated":false, "digest":{"function_hash":"261611924611209571230329236832720970558", "length":2151}, "id":"ASB-A-156997193-d2c10be6", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/core/+/54794ac613d50bf4072174476f60527e2b0b4cdf", "target":{"file":"libutils/FileMap.cpp", "function":"FileMap::create"}}, {"deprecated":false, "digest":{"line_hashes":["275358842454213562963598485301373303773", "236575377719150355451088222840875456584", "34999987004009085816746985289991487896", "181128264519813211803606298817932475029", "296529281982132029984316337080038405735", "47536793616554775753487568224015563717", "213767229193664386554322731371826328562", "258849291900984273852023809079006558820", "323425551243113496830608628755141189612", "6874040466930922682761985680036394102", "121460898419937120682075403121597197109", "289728551360487268008585474856748105106", "121182242367033105589337314129271103997", "221775964729662280451941403317801755150", "197704582121186397161464248283211658209", "247300739514161794399061483391242605618", "89879066079523204445966260830958587248", "233815001187899535722972412020095193448", "165749523362130073929307081957063587767", "252156529686827500034475126586805254792", "208412259794513319075530967832044426533", "281020868416559072448865777846478546849"], "threshold":0.9}, "id":"ASB-A-156997193-ffeb1b48", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/core/+/54794ac613d50bf4072174476f60527e2b0b4cdf", "target":{"file":"libutils/FileMap.cpp"}}]}}, {"package":{"name":"platform/system/core", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"8.1:0"}, {"fixed":"8.1:2020-11-01"}]}], "versions":["8.1"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/system/core/+/4d14303653247da3922242796ab6d63123fbd004", "https://android.googlesource.com/platform/system/core/+/54794ac613d50bf4072174476f60527e2b0b4cdf"], "severity":"High", "spl":"2020-11-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["6874040466930922682761985680036394102", "309769698395510642244591578088847990994", "168336261518310196964879749823756115293", "233840836003916188431905245736651982800"], "threshold":0.9}, "id":"ASB-A-156997193-007857a6", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/core/+/4d14303653247da3922242796ab6d63123fbd004", "target":{"file":"libutils/FileMap.cpp"}}, {"deprecated":false, "digest":{"function_hash":"182082587529492012534805707834854601999", "length":2000}, "id":"ASB-A-156997193-6507bebf", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/core/+/4d14303653247da3922242796ab6d63123fbd004", "target":{"file":"libutils/FileMap.cpp", "function":"FileMap::create"}}, {"deprecated":false, "digest":{"line_hashes":["275358842454213562963598485301373303773", "236575377719150355451088222840875456584", "34999987004009085816746985289991487896", "181128264519813211803606298817932475029", "296529281982132029984316337080038405735", "47536793616554775753487568224015563717", "213767229193664386554322731371826328562", "258849291900984273852023809079006558820", "323425551243113496830608628755141189612", "6874040466930922682761985680036394102", "121460898419937120682075403121597197109", "289728551360487268008585474856748105106", "121182242367033105589337314129271103997", "221775964729662280451941403317801755150", "197704582121186397161464248283211658209", "247300739514161794399061483391242605618", "89879066079523204445966260830958587248", "233815001187899535722972412020095193448", "165749523362130073929307081957063587767", "252156529686827500034475126586805254792", "208412259794513319075530967832044426533", "281020868416559072448865777846478546849"], "threshold":0.9}, "id":"ASB-A-156997193-82443891", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/core/+/54794ac613d50bf4072174476f60527e2b0b4cdf", "target":{"file":"libutils/FileMap.cpp"}}, {"deprecated":false, "digest":{"function_hash":"261611924611209571230329236832720970558", "length":2151}, "id":"ASB-A-156997193-8e2f5aa8", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/core/+/54794ac613d50bf4072174476f60527e2b0b4cdf", "target":{"file":"libutils/FileMap.cpp", "function":"FileMap::create"}}]}}, {"package":{"name":"platform/system/core", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"9:0"}, {"fixed":"9:2020-11-01"}]}], "versions":["9"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/system/core/+/4d14303653247da3922242796ab6d63123fbd004", "https://android.googlesource.com/platform/system/core/+/54794ac613d50bf4072174476f60527e2b0b4cdf"], "severity":"High", "spl":"2020-11-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"182082587529492012534805707834854601999", "length":2000}, "id":"ASB-A-156997193-3323421c", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/core/+/4d14303653247da3922242796ab6d63123fbd004", "target":{"file":"libutils/FileMap.cpp", "function":"FileMap::create"}}, {"deprecated":false, "digest":{"function_hash":"261611924611209571230329236832720970558", "length":2151}, "id":"ASB-A-156997193-c0f94f24", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/core/+/54794ac613d50bf4072174476f60527e2b0b4cdf", "target":{"file":"libutils/FileMap.cpp", "function":"FileMap::create"}}, {"deprecated":false, "digest":{"line_hashes":["275358842454213562963598485301373303773", "236575377719150355451088222840875456584", "34999987004009085816746985289991487896", "181128264519813211803606298817932475029", "296529281982132029984316337080038405735", "47536793616554775753487568224015563717", "213767229193664386554322731371826328562", "258849291900984273852023809079006558820", "323425551243113496830608628755141189612", "6874040466930922682761985680036394102", "121460898419937120682075403121597197109", "289728551360487268008585474856748105106", "121182242367033105589337314129271103997", "221775964729662280451941403317801755150", "197704582121186397161464248283211658209", "247300739514161794399061483391242605618", "89879066079523204445966260830958587248", "233815001187899535722972412020095193448", "165749523362130073929307081957063587767", "252156529686827500034475126586805254792", "208412259794513319075530967832044426533", "281020868416559072448865777846478546849"], "threshold":0.9}, "id":"ASB-A-156997193-e208c315", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/core/+/54794ac613d50bf4072174476f60527e2b0b4cdf", "target":{"file":"libutils/FileMap.cpp"}}, {"deprecated":false, "digest":{"line_hashes":["6874040466930922682761985680036394102", "309769698395510642244591578088847990994", "168336261518310196964879749823756115293", "233840836003916188431905245736651982800"], "threshold":0.9}, "id":"ASB-A-156997193-f3b3d6da", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/core/+/4d14303653247da3922242796ab6d63123fbd004", "target":{"file":"libutils/FileMap.cpp"}}]}}, {"package":{"name":"platform/system/core", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"10:0"}, {"fixed":"10:2020-11-01"}]}], "versions":["10"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/system/core/+/f846413e621d7245d8e78f04349a6a93d2bbbea4"], "severity":"High", "spl":"2020-11-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"215522566870770909378502756101521643066", "length":2004}, "id":"ASB-A-156997193-6e0617ae", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/core/+/f846413e621d7245d8e78f04349a6a93d2bbbea4", "target":{"file":"libutils/FileMap.cpp", "function":"FileMap::create"}}, {"deprecated":false, "digest":{"line_hashes":["91327058474968093524218913428440684431", "283635400407027686436634616897858012320", "295926172014320351044002759299570640346", "170004386622017188571956807408405133614"], "threshold":0.9}, "id":"ASB-A-156997193-c714a7b1", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/core/+/f846413e621d7245d8e78f04349a6a93d2bbbea4", "target":{"file":"libutils/FileMap.cpp"}}]}}], "references":[{"type":"ADVISORY", "url":"https://source.android.com/security/bulletin/2020-11-01"}, {"type":"FIX", "url":"https://android.googlesource.com/platform/system/core/+/bff51b88aaf96279c58edb812be0bda2fcaf4967"}]}