In ColorOS (oppo mobile phone operating system, based on AOSP frameworks/native code position/services/surfaceflinger surfaceflinger.CPP), RGB is defined on the stack but uninitialized, so when the screenShot function to RGB value assignment, will not initialize the value is returned to the attackers, leading to values on the stack information leakage, the vulnerability can be used to bypass attackers ALSR.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NOppo Coloros
OSOppowszystkie wersje
Related vulnerabilities
Dynamic loading of services in the backup and restore SDK leads to elevated privileges, affected product is co...
There is a command injection problem in the old version of the mobile phone backup app.
In ACE2 ColorOS11, the attacker can obtain the foreground package name through permission promotion, resulting...
ColorOS pregrant dangerous permissions to apps which are listed in a whitelist xml named default-grant-permiss...
Privilege escalation w OPPO Usercenter Credit SDK — wyciek danych aplikacji