Use of uninitialized resource in Google, Google Android



Published: 2020-04-17 | Updated: 2020-08-08
Risk Medium
Patch available YES
Number of vulnerabilities 1
CVE-ID CVE-2019-20785
CWE-ID CWE-908
Exploitation vector Local
Public exploit N/A
Vulnerable software
Subscribe 		Google Android
Operating systems & Components / Operating system

Vendor Google

Security Bulletin

This security bulletin contains one medium risk vulnerability.

1) Use of uninitialized resource

EUVDB-ID: #VU34458

Risk: Medium

CVSSv3.1: 5.9 [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-20785

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local non-authenticated attacker to execute arbitrary code.

An issue was discovered on LG mobile devices with Android OS 8.0 and 8.1 software for the DTAG carrier. RILD in the radio layer uses an uninitialized variable. The LG ID is LVE-SMP-180013 (January 2019).

Mitigation

Install update from vendor's website.

Vulnerable software versions

Google Android: 8.0 - 8.1

External links

http://lgsecurity.lge.com/


Q & A

Can this vulnerability be exploited remotely?

No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###