Main Vulnerability Database Vulnerabilities #VU35573

Input validation error in Google Android - CVE-2019-2175

Published: September 6, 2019 / Updated: August 8, 2020

Vulnerability identifier: #VU35573

CSH Severity: High

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2019-2175

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Google

Affected software:
Google Android

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

In checkAccess of SliceManagerService.java in Android 9, there is a possible permissions check bypass due to incorrect order of arguments. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

How to mitigate CVE-2019-2175

Install update from vendor's website.

Sources

https://source.android.com/security/bulletin/2019-09-01

Input validation error in Google Android - CVE-2019-2175

Detailed vulnerability description

How to mitigate CVE-2019-2175

Sources

Please verify you're human