CVE-2019-2008

Status: Analyzed
Last modified: 21-07-2021
Published: 19-06-2019
7.5

SUMMARY CVE-2019-2008

In createEffect of AudioFlinger.cpp, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9Android ID: A-122309228

Access CVSS3 CVE-2019-2008

Attack Complexity Attack Vector Privileges Required Scope User Interaction
HIGH NETWORK NONE UNCHANGED REQUIRED

Impact CVSS3 CVE-2019-2008

Confidentiality Integrity Availability
HIGH HIGH HIGH

Details CVE-2019-2008

EPSS 0.00108
EPSS % 0.44365
References
CWE CWE-787
Vulnerable Configurations
  • cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*
    cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*
  • cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*
    cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*
  • cpe:2.3:o:google:android:9.0:*:*:*:*:*:*:*
    cpe:2.3:o:google:android:9.0:*:*:*:*:*:*:*
CVSS3 Source nvd@nist.gov
CVSS3 Type Primary
CVSS3 Vector CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

ATOM RSS Feed Link for CVE Vulnerabilities

CVE Data Propulsed by AKAOMA CyberSecurity