#VU34458 Use of uninitialized resource in Google Android - CVE-2019-20785
Published: April 17, 2020 / Updated: August 8, 2020
Vulnerability identifier: #VU34458
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2019-20785
CWE-ID: CWE-908
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Google Android
Google Android
Software vendor:
Google
Description
The vulnerability allows a local non-authenticated attacker to execute arbitrary code.
An issue was discovered on LG mobile devices with Android OS 8.0 and 8.1 software for the DTAG carrier. RILD in the radio layer uses an uninitialized variable. The LG ID is LVE-SMP-180013 (January 2019).
Remediation
Install update from vendor's website.