CVE-2020-27048
📋 TL;DR
This vulnerability in Android 11 allows local privilege escalation through an out-of-bounds write in the RW_SendRawFrame function. Attackers can gain elevated privileges without needing additional execution permissions, though user interaction is required for exploitation. Only Android 11 devices are affected.
💻 Affected Systems
- Android
📦 What is this software?
Android by Google
⚠️ Risk & Real-World Impact
Worst Case
Complete device compromise with attacker gaining root/system-level privileges, potentially installing persistent malware or accessing all user data.
Likely Case
Local attacker gains elevated privileges to access sensitive data or install malicious apps without user knowledge.
If Mitigated
With proper patching, the vulnerability is eliminated; without patching, risk is reduced if users avoid installing untrusted apps or clicking suspicious links.
🎯 Exploit Status
Exploitation requires user interaction and local access; no public exploit code is known, but the vulnerability is serious enough that weaponization is possible.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Android Security Bulletin December 2020 patches
Vendor Advisory: https://source.android.com/security/bulletin/pixel/2020-12-01
Restart Required: Yes
Instructions:
1. Check for system updates in Settings > System > Advanced > System update. 2. Install the December 2020 Android security patch. 3. Reboot the device after installation.
🔧 Temporary Workarounds
Disable unknown sources
androidPrevent installation of apps from unknown sources to reduce attack surface
Settings > Security > Install unknown apps > Disable for all apps
Limit app permissions
androidReview and restrict app permissions to minimize potential damage
Settings > Apps & notifications > App permissions > Review each permission
🧯 If You Can't Patch
- Isolate affected devices from sensitive networks and data
- Implement application allowlisting to prevent unauthorized app execution
🔍 How to Verify
Check if Vulnerable:
Check Android version in Settings > About phone > Android version. If it shows Android 11 without December 2020 security patch, device is vulnerable.Check Version:
adb shell getprop ro.build.version.release && adb shell getprop ro.build.version.security_patchVerify Fix Applied:
Verify Android version is Android 11 with security patch level December 5, 2020 or later in Settings > About phone > Android security patch level.📡 Detection & Monitoring
Log Indicators:
- Unusual privilege escalation events in system logs
- Suspicious process creation with elevated privileges
Network Indicators:
- None - this is a local exploit
SIEM Query:
source="android_system" AND (event_type="privilege_escalation" OR process_name="RW_SendRawFrame")