Podatność CVE-2019-9458


Publikacja: 2019-09-06

Opis:
In the Android kernel in the video driver there is a use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Typ:

CWE-362

Producent: Google
Produkt: Android 

CVSS2 => (AV:L/AC:M/Au:N/C:P/I:P/A:P)

Ogólna skala CVSS
Znaczenie
Łatwość wykorzystania
4.4/10
6.4/10
3.4/10
Wymagany dostęp
Złożoność ataku
Autoryzacja
Lokalny
Średnia
Nie wymagana
Wpływ na poufność
Wpływ na integralność
Wpływ na dostępność
Częściowy
Częściowy
Częściowy

 Referencje:
https://source.android.com/security/bulletin/pixel/2019-09-01

Podobne CVE
CVE-2019-16508
The Imagination Technologies driver for Chrome OS before R74-11895.B, R75 before R75-12105.B, and R76 before R76-12208.0.0 allows attackers to trigger an Integer Overflow and gain privileges via a malicious application. This occurs because of intenti...
CVE-2019-9463
In Platform, there is a possible bypass of user interaction requirements due to background app interception. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation....
CVE-2019-9462
In Bluetooth, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersio...
CVE-2019-9460
In mediaserver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidV...
CVE-2019-9459
In libttspico, there is a possible OOB write due to a heap buffer overflow. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: A...
CVE-2019-9440
In AOSP Email, there is a possible information disclosure due to a confused deputy. This could lead to local disclosure of the Email app's protected files with User execution privileges needed. User interaction is needed for exploitation. Product: An...
CVE-2019-9438
In the Package Manager service, there is a possible information disclosure due to a confused deputy. This could lead to local disclosure of information about installed packages for other users with no additional execution privileges needed. User inte...
CVE-2019-9435
In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersi...

Copyright 2019, cxsecurity.com

 

Back to Top