Xiaomi MIUI privilege escalation | CVE-2020-14123

April 26, 2022

NAME

Xiaomi MIUI privilege escalation

  • Platforms Affected:
    Xiaomi MIUI 12.5.2
  • Risk Level:
    9.8
  • Exploitability:
    Unproven
  • Consequences:
    Gain Privileges

DESCRIPTION

Xiaomi MIUI could allow a remote attacker to gain elevated privileges on the system, caused by a pointer double free flaw when the memory pointer is copied to two function modules during a function call. By sending a specially-crafted request, an attacker could exploit this vulnerability to cause the module to crash and gain elevated privileges.

CVSS 3.0 Information

  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Access Vector: Network
  • Access Complexity: Low
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High
  • Remediation Level: Official Fix

MITIGATION

Refer to Xiaomi Product Security Advisory Bulletins MiSVD-2022-134 for patch, upgrade or suggested workaround information. See References.

  • Reference Link:
    https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=134
  • Reference Link:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14123

If you like the site, please consider joining the telegram channel and supporting us on Patreon using the button below.

Digital Patreon Wordmark FieryCoralv2

You may have missed

hackerone

HackerOne Bug Bounty Disclosure: overwrite-any-file-of-the-web-server-goedix

November 5, 2024
hackerone

HackerOne Bug Bounty Disclosure: open-redirect-via-redirect-to-parameter-in-tumblr-com-shivangmauryaa

November 5, 2024
image

[EMBARGO] – Ransomware Victim: mh-m[.]org

November 5, 2024
image

[BIANLIAN] – Ransomware Victim: Falco Sult

November 5, 2024
image

[INCRANSOM] – Ransomware Victim: Webb Institute

November 5, 2024