Security Advisory | Memory access Out-of-bounds Vulnerability in the Frame Touch Module
Original release date: 2020-10-14
CVE ID
CVE-2020-12485
CVSS 3.1 Base Score
5.5 Medium (AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
Description
The frame touch module does not make validity judgments on parameter lengths when processing specific parameters ,which caused out of the boundary when memory access.The vulnerability eventually leads to a local DOS on the device.
Software Versions and Fixes
- Software Affected Version Fixed Version
- Frame Touch Module All models whose system is Android 10 PD2012_1.4.0、PD1965EF_EX_EU_4.4.0、PD2001F_EX_1.6.0、PD1968F_EX_1.10.1、PD1962_1.7.6、PD1981_1.5.0、PD2006F_EX_1.6.2 or later version
Temporary Fix
NA
Obtaining Fixed Software
The vulnerability can be fixed by performing system updates.
Source
CytQ submitted via vivo SRC.
vivo would like to thank them for working with us and coordinated vulnerability disclosure.
vivo would like to thank them for working with us and coordinated vulnerability disclosure.
Update Records
2020-10-14 V1.0 INITIAL
FAQs
NA
vivo Security Procedures
vivo is committed to providing users with best cyber security products and services, and follows the industrial best practice to handle and publish vunerability information.
To report a security vulnerability in vivo products and solutions, please send it to security@vivo.com.
For details, please visit Security Advisory.
To report a security vulnerability in vivo products and solutions, please send it to security@vivo.com.
For details, please visit Security Advisory.