The frame touch module does not make validity judgments on parameter lengths when processing specific parameters,which caused out of the boundary when memory access.The vulnerability eventually leads to a local DOS on the device.
Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12485
Reference (s):
- https://www.vivo.com/en/support/security-advisory-detail?id=2
- URL: https://www.vivo.com/en/support/security-advisory-detail?id=2