Login Sign Up

CVE-2020-0440

7.8 HIGH

📋 TL;DR

This vulnerability allows local attackers to create trusted virtual displays without proper permission checks in Android's DisplayManagerService. It enables local privilege escalation on Android 11 devices, potentially allowing malicious apps to gain elevated system privileges. Only Android 11 devices are affected.

💻 Affected Systems

Products:
  • Android
Versions: Android 11 only
Operating Systems: Android
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects Android 11. Android 10 and earlier, and Android 12 and later are not vulnerable.

📦 What is this software?

Android by Google

View all CVEs affecting Android →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete device compromise where attacker gains full system privileges, can access sensitive data, install persistent malware, or disable security controls.

🟠

Likely Case

Malicious app gains elevated privileges to access other apps' data, modify system settings, or perform unauthorized actions without user knowledge.

🟢

If Mitigated

Attack fails due to proper permission enforcement or device not running vulnerable Android version.

🌐 Internet-Facing: LOW - This is a local privilege escalation requiring app installation or physical access.
🏢 Internal Only: MEDIUM - Malicious apps could exploit this if installed on corporate devices, but requires local execution.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires local app installation or physical access. No user interaction needed once exploited.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Android Security Patch Level 2020-12-01 or later

Vendor Advisory: https://source.android.com/security/bulletin/2020-12-01

Restart Required: Yes

Instructions:

1. Check Android version (Settings > About phone > Android version). 2. Check security patch level (Settings > About phone > Android security patch level). 3. If on Android 11 with patch level before 2020-12-01, install system update. 4. Reboot device after update.

🔧 Temporary Workarounds

Restrict app installations

android

Only install apps from trusted sources like Google Play Store and disable unknown sources installation.

Settings > Security > Install unknown apps > Disable for all apps

🧯 If You Can't Patch

  • Upgrade to Android 12 or later if device supports it
  • Use mobile device management (MDM) to restrict app installations and monitor for suspicious activity

🔍 How to Verify

Check if Vulnerable:

Check Android version is 11 and security patch level is before 2020-12-01 in Settings > About phone

Check Version:

adb shell getprop ro.build.version.release && adb shell getprop ro.build.version.security_patch

Verify Fix Applied:

Verify security patch level is 2020-12-01 or later in Settings > About phone > Android security patch level

📡 Detection & Monitoring

Log Indicators:

  • Unusual virtual display creation events in system logs
  • Permission denial logs for display management operations

Network Indicators:

  • None - this is a local exploit

SIEM Query:

Look for Android system logs containing 'DisplayManagerService' and 'createVirtualDisplay' with suspicious caller UIDs

📊 Metadata

CVE ID: CVE-2020-0440
CVSS v3 Score: 7.8 (HIGH)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-862
Published: December 14, 2020
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2020-0440, you might also want to check these:

CVE-2024-6071 10.0

CVE-2024-6071 is a critical remote code execution vulnerability in PTC Creo Elements/Direct License ...

Same vulnerability type (CWE-862)
CVE-2022-0543 10.0

CVE-2022-0543 is a critical Lua sandbox escape vulnerability in Redis on Debian-based systems that a...

Same vulnerability type (CWE-862)
CVE-2024-6500 10.0

This vulnerability allows unauthenticated attackers to read and delete arbitrary files on WordPress ...

Same vulnerability type (CWE-862)