Use-after-free in Google Android - CVE-2019-9273

 

Published: September 7, 2019 / Updated: August 8, 2020


Vulnerability identifier: #VU35539
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2019-9273
CWE-ID: CWE-416
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: Google
Affected software:
Google Android

Detailed vulnerability description

The vulnerability allows a local privileged user to execute arbitrary code.

In the synaptics_dsx_htc touchscreen driver in the Android kernel, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege, with System execution privileges needed. User interaction is not needed for exploitation.


How to mitigate CVE-2019-9273

Install the update from the vendor's website.

Sources