>

>

Security Advisory

>

Details

Security Advisory | Some sensitive device information leakage vulnerability in Framework Service

Original release date: 2022-03-28

CVE ID

CVE-2020-12491

CVSS 3.1 Base Score

6.2 Medium （AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N）

Description

Improper control of framework service permissions with possibility of some sensitive device information leakage.

Software Versions and Fixes

Software Affected Version Fixed Version
Framework service Versions earlier than Android 11 The vulnerability is fixed in all releases after 2022.2.24

Temporary Fix

NA

Obtaining Fixed Software

Devices that support automatic updates receive a system update prompt, and users complete the fix for the vulnerability by performing a system update.

Source

Qing Zhang and Kailong Wang from Nus

Update Records

2022-03-28 V1.0 INITIAL

FAQs

NA

vivo Security Procedures

vivo is committed to offering users with secure products and services, and follows the best practices in the industry to handle and disclose security vulnerability information.
To report a security vulnerability in vivo products and solutions, please send it to security@vivo.com.
For details, please visit Security Advisory.