Google Android 缓冲区错误漏洞

CNNVD-ID编号	CNNVD-202105-027	CVE编号	CVE-2020-11289
发布时间	2021-05-03	更新时间	2021-05-06
漏洞类型	缓冲区错误	漏洞来源	N/A
危险等级	高危	威胁类型	N/A
厂商	N/A

漏洞介绍

Google Android是美国~谷歌~开放手持设备联盟（Google）的的一套以Linux为基础的开源操作系统。 Widevine TA 存在缓冲区错误漏洞，该漏洞源于缺乏对命令ID的验证，在TZ命令处理程序中可能发生越界写操作。以下产品及版本受到影响：APQ8009, APQ8017, APQ8037, APQ8053, APQ8064AU, APQ8096AU, AQT1000, AR8031, AR8035, AR8151, CSR8811, CSRA6620, CSRA6640, CSRB31024, FSM10055, FSM10056, IPQ5010, IPQ5018, IPQ6000, IPQ6005, IPQ6010, IPQ6018, IPQ6028, IPQ8070, IPQ8070A, IPQ8071, IPQ8071A, IPQ8072, IPQ8072A, IPQ8074, IPQ8074A, IPQ8076, IPQ8076A, IPQ8078, IPQ8078A, IPQ8173, IPQ8174, MDM8207, MDM9150, MDM9205, MDM9206, MDM9207, MDM9250, MDM9607, MDM9628, MDM9640, MDM9650, MDM9655, MSM8108, MSM8208, MSM8209, MSM8608, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, PM215, PM3003A, PM4125, PM4250, PM439, PM456, PM6125, PM6150, PM6150A, PM6150L, PM6250, PM6350, PM640A, PM640L, PM640P, PM660, PM660A, PM660L, PM670, PM670A, PM670L, PM7150A, PM7150L, PM7250, PM7250B, PM8004, PM8005, PM8008, PM8009, PM8019, PM8150, PM8150A, PM8150B, PM8150C, PM8150L, PM8250, PM8350, PM8350B, PM8350BH, PM8350C, PM855