Double Free in Google Android - #VU20905
Published: September 6, 2019
Vulnerability identifier: #VU20905
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: N/A
CWE-ID: CWE-415
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Google
Affected software:
Google Android
Google Android
Detailed vulnerability description
The vulnerability allows a local attacker to execute arbitrary code on the target system.
The vulnerability exists within the v4l2 driver due to the lack of validating the existence of an object prior to performing operations on the object. A local attacker, which must first obtain the ability to execute low-privileged code on the target system, can leverage this to escalate privileges in the context of the kernel, trigger double free error and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
Remediation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.