Incorrect permission assignment for critical resource in Google Android - CVE-2019-9384

 


Published: September 27, 2019 / Updated: August 8, 2020


Vulnerability identifier: #VU35416
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2019-9384
CWE-ID: CWE-732
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: Google
Affected software:
Google Android

Detailed vulnerability description

The vulnerability allows a local privileged user to execute arbitrary code.

In LockPatternUtils, there is a possible escalation of privilege due to an improper permissions check. This could lead to local bypass of the Lockguard with System execution privileges needed. User interaction is not needed for exploitation.

Product: Android
Versions: Android-10
Android ID: A-120568007


How to mitigate CVE-2019-9384

Install update from vendor's website.
