Main Vulnerability Database Vulnerabilities #VU35543

Permissions, Privileges, and Access Controls in Google Android - CVE-2019-9345

Published: September 7, 2019 / Updated: August 8, 2020

Vulnerability identifier: #VU35543

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2019-9345

CWE-ID: CWE-264

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: Google

Affected software:
Google Android

Detailed vulnerability description

The vulnerability allows a local authenticated user to execute arbitrary code.

In the Android kernel in sdcardfs there is a possible violation of the separation of data between profiles due to shared mapping of obb files. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.

How to mitigate CVE-2019-9345

Install update from vendor's website.

Sources

https://source.android.com/security/bulletin/pixel/2019-09-01

Permissions, Privileges, and Access Controls in Google Android - CVE-2019-9345

Detailed vulnerability description

How to mitigate CVE-2019-9345

Sources

Please verify you're human