Main Vulnerability Database Vulnerabilities #VU35604

Permissions, Privileges, and Access Controls in Google Android - CVE-2019-2120

Published: August 20, 2019 / Updated: August 8, 2020

Vulnerability identifier: #VU35604

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2019-2120

CWE-ID: CWE-264

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: Google

Affected software:
Google Android

Detailed vulnerability description

The vulnerability allows a local authenticated user to execute arbitrary code.

In OatFileAssistant::GenerateOatFile of oat_file_assistant.cc, there is a possible file corruption issue due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-130821293.

How to mitigate CVE-2019-2120

Install update from vendor's website.

Sources

https://source.android.com/security/bulletin/2019-08-01

Permissions, Privileges, and Access Controls in Google Android - CVE-2019-2120

Detailed vulnerability description

How to mitigate CVE-2019-2120

Sources

Please verify you're human