Main Vulnerability Database Vulnerabilities #VU34673

Code Injection in Google Android - CVE-2019-20530

Published: March 24, 2020 / Updated: August 8, 2020

Vulnerability identifier: #VU34673

CSH Severity: High

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2019-20530

CWE-ID: CWE-94

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Google

Affected software:
Google Android

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

An issue was discovered on Samsung mobile devices with N(7.1), O(8.x), P(9.0), and Q(10.0) software. Arbitrary code execution is possible on the lock screen. The Samsung ID is SVE-2019-15266 (December 2019).

How to mitigate CVE-2019-20530

Install update from vendor's website.

Sources

https://security.samsungmobile.com/securityUpdate.smsb

Code Injection in Google Android - CVE-2019-20530

Detailed vulnerability description

How to mitigate CVE-2019-20530

Sources

Please verify you're human