Skip to main content

Use of Uninitialized Resource

CVE-2020-0006

Severity Medium
Score 6.5/10

Summary

In rw_i93_send_cmd_write_single_block of rw_i93.cc, there is a possible information disclosure of heap memory due to uninitialized data. This could lead to remote information disclosure in the NFC server with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-8.0, Android-8.1, Android-9, and Android-10 Android ID: A-139738828

  • LOW
  • NETWORK
  • NONE
  • UNCHANGED
  • REQUIRED
  • NONE
  • HIGH
  • NONE

CWE-908 - Use of Uninitialized Resource

The software uses or accesses a resource that has not been initialized.

References

Advisory Timeline

  • Published