Use of uninitialized resource in Google Android - CVE-2019-20785
Published: April 17, 2020 / Updated: August 8, 2020
Vulnerability identifier: #VU34458
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2019-20785
CWE-ID: CWE-908
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Google
Affected software:
Google Android
Google Android
Detailed vulnerability description
The vulnerability allows a local non-authenticated attacker to execute arbitrary code.
An issue was discovered on LG mobile devices with Android OS 8.0 and 8.1 software for the DTAG carrier. RILD in the radio layer uses an uninitialized variable. The LG ID is LVE-SMP-180013 (January 2019).
How to mitigate CVE-2019-20785
Install update from vendor's website.