CVE-2020-0041

CVE Database · CVE-2020-0041

CVE-2020-0041

· HIGHAnalyzed

CVSS v3.1

7.8

EPSS

3.25%

Published

Mar 10, 2020

Modified

Oct 23, 2025

CISA Known Exploited Vulnerability

Added: 2021-11-03 · Due: 2022-05-03

Apply updates per vendor instructions.

Public PoC / Exploit (6)

All weaponized →

TrickestTrickest PoC index GitHub PoCbluefrostsecurity/CVE-2020-0041★257 GitHub PoCj4nn/CVE-2020-0041★62 GitHub PoCjcalabres/root-exploit-pixel3★13 GitHub PoCvaginessa/CVE-2020-0041-Pixel-3a★8 GitHub PoCkoharin/CVE-2020-0041★1

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

In binder_transaction of binder.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-145988638References: Upstream kernel

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-20CWE-20

Affected Products (1)

google · androidvulnerable

References (3)

https://source.android.com/security/bulletin/2020-03-01

Vendor Advisory

https://source.android.com/security/bulletin/2020-03-01

Vendor Advisory

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-0041

Third Party AdvisoryUS Government Resource

KEV Catalog EPSS Scores Vendors All CVEs