#VU20905 Double Free in Google Android
Published: September 6, 2019
Vulnerability identifier: #VU20905
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: N/A
CWE-ID: CWE-415
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Google Android
Google Android
Software vendor:
Google
Description
The vulnerability allows a local attacker to execute arbitrary code on the target system.
The vulnerability exists within the v4l2 driver due to the lack of validating the existence of an object prior to performing operations on the object. A local attacker, which must first obtain the ability to execute low-privileged code on the target system, can leverage this to escalate privileges in the context of the kernel, trigger double free error and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
Remediation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.