Main Vulnerability Database Vulnerabilities #VU35534

Permissions, Privileges, and Access Controls in Google Android - CVE-2019-2182

Published: September 7, 2019 / Updated: August 8, 2020

Vulnerability identifier: #VU35534

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2019-2182

CWE-ID: CWE-264

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: Google

Affected software:
Google Android

Detailed vulnerability description

The vulnerability allows a local authenticated user to execute arbitrary code.

In the Android kernel in the kernel MMU code there is a possible execution path leaving some kernel text and rodata pages writable. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

How to mitigate CVE-2019-2182

Install update from vendor's website.

Sources

https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html
https://source.android.com/security/bulletin/pixel/2019-09-01
https://www.debian.org/security/2020/dsa-4698

Permissions, Privileges, and Access Controls in Google Android - CVE-2019-2182

Detailed vulnerability description

How to mitigate CVE-2019-2182

Sources

Please verify you're human