Security Advisory | Some sensitive device information leakage vulnerability in Framework Service
Original release date: 2022-03-28
CVE ID
CVE-2020-12491
CVSS 3.1 Base Score
6.2 Medium (AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
Description
Improper control of framework service permissions with possibility of some sensitive device information leakage.
Software Versions and Fixes
- Software Affected Version Fixed Version
- Framework service Versions earlier than Android 11 The vulnerability is fixed in all releases after 2022.2.24
Temporary Fix
NA
Obtaining Fixed Software
Devices that support automatic updates receive a system update prompt, and users complete the fix for the vulnerability by performing a system update.
Source
Qing Zhang and Kailong Wang from Nus
Update Records
2022-03-28 V1.0 INITIAL
FAQs
NA
vivo Security Procedures
vivo is committed to offering users with secure products and services, and follows the best practices in the industry to handle and disclose security vulnerability information.
To report a security vulnerability in vivo products and solutions, please send it to security@vivo.com.
For details, please visit Security Advisory.
To report a security vulnerability in vivo products and solutions, please send it to security@vivo.com.
For details, please visit Security Advisory.