CVE-2020-0357

7.8 HIGH

📋 TL;DR

This CVE describes a use-after-free vulnerability in Android's SurfaceFlinger graphics server due to improper locking. It allows local attackers to escalate privileges without user interaction, potentially gaining full system control. Only Android 11 devices are affected.

💻 Affected Systems

Products:
  • Android
Versions: Android 11 only
Operating Systems: Android
Default Config Vulnerable: ⚠️ Yes
Notes: All Android 11 devices with unpatched SurfaceFlinger are vulnerable. The vulnerability is in the graphics server component.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete device compromise with attacker gaining root/system-level privileges, allowing installation of persistent malware, data theft, and full system control.

🟠 Likely Case

Local privilege escalation allowing attackers to bypass app sandboxing, access sensitive data from other apps, and perform unauthorized system operations.

🟢 If Mitigated

Limited impact if device is fully patched, isolated from untrusted apps, and has additional security controls like SELinux enforcement.

🌐 Internet-Facing: LOW - This is a local privilege escalation requiring physical or app-based access to the device.
🏢 Internal Only: HIGH - Malicious apps or users with physical access can exploit this to gain elevated privileges on affected devices.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires local access but no user interaction. The use-after-free in the graphics server makes exploitation non-trivial but feasible for skilled attackers.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Android Security Patch Level 2020-09-01 or later

Vendor Advisory: https://source.android.com/security/bulletin/android-11

Restart Required: Yes

Instructions:

1. Check Android version (Settings > About phone > Android version).
2. Check Security patch level (Settings > About phone > Android security update).
3. If patch level is before 2020-09-01, update via Settings > System > System update.
4. Reboot device after update completes.

🔧 Temporary Workarounds

Disable unknown sources

Prevent installation of potentially malicious apps that could exploit this vulnerability

Enable Google Play Protect

Use built-in malware scanning to detect potentially malicious apps

🧯 If You Can't Patch

  • Isolate affected devices from sensitive networks and data
  • Implement strict app installation policies and monitor for suspicious activity

🔍 How to Verify

Check if Vulnerable:

Check Android version is 11 AND security patch level is before 2020-09-01

Check Version:

adb shell getprop ro.build.version.release && adb shell getprop ro.build.version.security_patch

Verify Fix Applied:

Verify Android security patch level is 2020-09-01 or later in Settings > About phone > Android security update
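
The checks above can be scripted for a set of devices. This is an added example, not part of the original advisory: the function names `classify` and `scan_devices` are hypothetical, while the property names and the 2020-09-01 threshold come from this page.

```shell
#!/bin/sh
# Added example: applies this page's criteria (Android 11 AND security patch
# level before 2020-09-01) to every device that adb can see.
FIXED_SPL="2020-09-01"   # threshold taken from this page

# classify RELEASE PATCH_LEVEL
# Prints one of: VULNERABLE | PATCHED | NOT_AFFECTED | UNKNOWN
classify() {
    release=$1
    spl=$2
    [ -n "$release" ] || { echo "UNKNOWN"; return 0; }
    # Only the major version matters ("11" or "11.x" style strings).
    [ "${release%%.*}" = "11" ] || { echo "NOT_AFFECTED"; return 0; }
    # Refuse to guess when the patch level is missing or malformed.
    case "$spl" in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
        *) echo "UNKNOWN"; return 0 ;;
    esac
    # YYYY-MM-DD compares correctly as an integer once only digits remain.
    if [ "$(echo "$spl" | tr -cd '0-9')" -lt "$(echo "$FIXED_SPL" | tr -cd '0-9')" ]; then
        echo "VULNERABLE"
    else
        echo "PATCHED"
    fi
}

# scan_devices: one tab-separated line per attached device.
scan_devices() {
    adb devices | awk 'NR > 1 && $2 == "device" { print $1 }' |
    while read -r serial; do
        # </dev/null keeps "adb shell" from consuming the serial list on stdin;
        # tr strips the carriage return that some adb versions append.
        rel=$(adb -s "$serial" shell getprop ro.build.version.release </dev/null | tr -d '\r')
        spl=$(adb -s "$serial" shell getprop ro.build.version.security_patch </dev/null | tr -d '\r')
        printf '%s\t%s\t%s\t%s\n' "$serial" "$rel" "$spl" "$(classify "$rel" "$spl")"
    done
}

# Run with --scan to query attached devices; otherwise only define the functions.
if [ "${1:-}" = "--scan" ]; then
    scan_devices
fi
```

Devices reported as UNKNOWN did not return a usable patch level and should be checked by hand in Settings.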

📡 Detection & Monitoring

Log Indicators:

  • SurfaceFlinger crash logs
  • Unexpected privilege escalation attempts
  • SELinux denials related to graphics services

Network Indicators:

  • Unusual outbound connections from system processes
  • Suspicious app behavior post-exploitation

SIEM Query:

process_name:"surfaceflinger" AND (event_type:crash OR privilege_change:escalation)
