Main Vulnerability Database Vulnerabilities #VU35809

Integer overflow in Google Android - CVE-2019-2007

Published: June 19, 2019 / Updated: August 8, 2020

Vulnerability identifier: #VU35809

CSH Severity: High

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2019-2007

CWE-ID: CWE-190

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Google

Affected software:
Google Android

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

In getReadIndex and getWriteIndex of FifoControllerBase.cpp, there is a possible out-of-bounds write due to an integer overflow. This could lead to local escalation of privilege in the audio server with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9Android ID: A-120789744

How to mitigate CVE-2019-2007

Install update from vendor's website.

Sources

https://source.android.com/security/bulletin/2019-03-01

Integer overflow in Google Android - CVE-2019-2007

Detailed vulnerability description

How to mitigate CVE-2019-2007

Sources

Please verify you're human