Candidate: CVE-2020-0306
PublicDate: 2020-09-17 21:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0306
 https://source.android.com/security/bulletin/android-11
Description:
 In LLVM, there is a possible ineffective stack cookie placement due to
 stack frame double reservation. This could lead to local escalation of
 privilege with no additional execution privileges needed. User interaction
 is not needed for exploitation.Product: AndroidVersions: Android-11Android
 ID: A-139666480
Ubuntu-Description:
Notes:
 sbeattie| possibly a weak hardening measure allowing easier
   exploitation, and not a vulnerability in and of itself. But clarity
   is needed.
Mitigation:
Bugs:
Priority: low
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H [7.8 HIGH]


Patches_llvm-toolchain-11:
upstream_llvm-toolchain-11: needs-triage
precise/esm_llvm-toolchain-11: DNE
trusty_llvm-toolchain-11: ignored (out of standard support)
trusty/esm_llvm-toolchain-11: DNE
xenial_llvm-toolchain-11: DNE
bionic_llvm-toolchain-11: DNE
focal_llvm-toolchain-11: needs-triage
groovy_llvm-toolchain-11: ignored (reached end-of-life)
hirsute_llvm-toolchain-11: ignored (reached end-of-life)
impish_llvm-toolchain-11: needs-triage
jammy_llvm-toolchain-11: needs-triage
devel_llvm-toolchain-11: needs-triage

Patches_llvm-toolchain-10:
upstream_llvm-toolchain-10: needs-triage
precise/esm_llvm-toolchain-10: DNE
trusty_llvm-toolchain-10: ignored (out of standard support)
trusty/esm_llvm-toolchain-10: DNE
xenial_llvm-toolchain-10: DNE
bionic_llvm-toolchain-10: needs-triage
focal_llvm-toolchain-10: needs-triage
groovy_llvm-toolchain-10: ignored (reached end-of-life)
hirsute_llvm-toolchain-10: DNE
impish_llvm-toolchain-10: DNE
jammy_llvm-toolchain-10: DNE
devel_llvm-toolchain-10: DNE

Patches_llvm-toolchain-9:
upstream_llvm-toolchain-9: needs-triage
precise/esm_llvm-toolchain-9: DNE
trusty_llvm-toolchain-9: ignored (out of standard support)
trusty/esm_llvm-toolchain-9: DNE
xenial_llvm-toolchain-9: DNE
bionic_llvm-toolchain-9: needs-triage
focal_llvm-toolchain-9: needs-triage
groovy_llvm-toolchain-9: ignored (reached end-of-life)
hirsute_llvm-toolchain-9: ignored (reached end-of-life)
impish_llvm-toolchain-9: needs-triage
jammy_llvm-toolchain-9: DNE
devel_llvm-toolchain-9: DNE

Patches_llvm-toolchain-8:
upstream_llvm-toolchain-8: needs-triage
precise/esm_llvm-toolchain-8: DNE
trusty_llvm-toolchain-8: ignored (out of standard support)
trusty/esm_llvm-toolchain-8: DNE
xenial_llvm-toolchain-8: ignored (end of standard support, was needs-triage)
bionic_llvm-toolchain-8: needs-triage
focal_llvm-toolchain-8: needs-triage
groovy_llvm-toolchain-8: ignored (reached end-of-life)
hirsute_llvm-toolchain-8: DNE
impish_llvm-toolchain-8: DNE
jammy_llvm-toolchain-8: DNE
devel_llvm-toolchain-8: DNE