CVE-2020-0155
📋 TL;DR
This CVE describes a local privilege escalation vulnerability in Android's NFC controller hardware abstraction layer. An attacker with user-level access can exploit an out-of-bounds write in the phNxpNciHal_send_ese_hal_cmd function to gain elevated privileges on affected Android devices. Only Android 10 devices with specific NFC hardware configurations are affected.
💻 Affected Systems
- Android
📦 What is this software?
Android by Google
⚠️ Risk & Real-World Impact
Worst Case
Complete device compromise, allowing an attacker to gain root/system privileges, install persistent malware, access sensitive data, and bypass security controls.
Likely Case
Local privilege escalation allowing malware to gain higher privileges than initially obtained, potentially enabling data theft or further system exploitation.
If Mitigated
Limited impact if devices are patched, run SELinux in enforcing mode, and follow the principle of least privilege for user applications.
🎯 Exploit Status
Exploitation requires user execution privileges and knowledge of the specific memory layout. No public exploits have been documented.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Android Security Patch Level 2020-06-01 or later
Vendor Advisory: https://source.android.com/security/bulletin/pixel/2020-06-01
Restart Required: Yes
Instructions:
1. Check for Android system updates in Settings > System > Advanced > System update.
2. Install the June 2020 security patch or later.
3. Reboot the device after installation.
🔧 Temporary Workarounds
Disable NFC functionality
Temporarily disable NFC to prevent the vulnerable code path from being executed
adb shell settings put secure nfc_on 0
Settings > Connected devices > Connection preferences > NFC (toggle off)
🧯 If You Can't Patch
- Implement strict application vetting and only allow trusted apps from official stores
- Use mobile device management (MDM) solutions to enforce security policies and monitor for suspicious behavior
🔍 How to Verify
Check if Vulnerable:
Check the Android version and security patch level: Settings > About phone > Android version & Security patch level. If the device runs Android 10 with a patch level before June 2020, it is vulnerable.
Check Version:
adb shell getprop ro.build.version.release && adb shell getprop ro.build.version.security_patch
Verify Fix Applied:
Verify security patch level is 2020-06-01 or later in Settings > About phone > Security patch level.
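The version check above, applied to every device adb can see, as an added example that is not part of the original advisory. The function names and status strings are this example's own; it applies only the page's version and patch-level criteria and does not inspect the NFC hardware configuration.

```shell
#!/bin/sh
# Added example: classify devices against this page's criteria
# (Android 10 with a security patch level before 2020-06-01).
FIXED_SPL="2020-06-01"   # patch level named on this page

# classify RELEASE SPL -> vulnerable | patched | not-affected-release | unknown
classify() {
    release=$1
    spl=$2
    # Security patch levels are ISO dates (YYYY-MM-DD); reject anything else
    case "$spl" in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
        *) echo unknown; return 0 ;;
    esac
    # The page lists only Android 10 as affected
    case "$release" in
        10|10.*) ;;
        "") echo unknown; return 0 ;;
        *) echo not-affected-release; return 0 ;;
    esac
    # Drop the dashes so the dates compare as plain integers
    have=$(printf '%s' "$spl" | sed 's/-//g')
    need=$(printf '%s' "$FIXED_SPL" | sed 's/-//g')
    if [ "$have" -lt "$need" ]; then
        echo vulnerable
    else
        echo patched
    fi
}

# audit_devices: print serial, release, patch level and status per device
audit_devices() {
    adb devices | awk 'NR>1 && $2=="device" {print $1}' |
    while read -r serial; do
        # </dev/null stops adb from swallowing the rest of the serial list;
        # tr strips the carriage return some adb versions append
        rel=$(adb -s "$serial" shell getprop ro.build.version.release </dev/null | tr -d '\r')
        spl=$(adb -s "$serial" shell getprop ro.build.version.security_patch </dev/null | tr -d '\r')
        printf '%s\t%s\t%s\t%s\n' "$serial" "$rel" "$spl" "$(classify "$rel" "$spl")"
    done
}

# Run the fleet audit only when asked, e.g.: sh check_spl.sh --audit
if [ "${1:-}" = "--audit" ]; then
    audit_devices
fi
```

A result of `unknown` means the property was empty or malformed (for example an unauthorized device) and should be checked by hand rather than treated as patched.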
📡 Detection & Monitoring
Log Indicators:
- Kernel crash logs related to NFC driver
- SELinux denials for NFC-related processes
- Unexpected privilege escalation attempts
Network Indicators:
- Unusual NFC communication patterns if monitored
SIEM Query:
source="android_logs" AND (process="nfc" OR process="com.android.nfc") AND (event="crash" OR event="privilege_escalation")