CVE-2019-2008
Status: Analyzed
Last modified:
21-07-2021
Published:
19-06-2019
7.5
SUMMARY CVE-2019-2008
In createEffect of AudioFlinger.cpp, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9Android ID: A-122309228
Access CVSS3 CVE-2019-2008
Attack Complexity | Attack Vector | Privileges Required | Scope | User Interaction |
---|---|---|---|---|
HIGH | NETWORK | NONE | UNCHANGED | REQUIRED |
Impact CVSS3 CVE-2019-2008
Confidentiality | Integrity | Availability |
---|---|---|
HIGH | HIGH | HIGH |
Details CVE-2019-2008
EPSS | 0.00108 |
---|---|
EPSS % | 0.44365 |
References | |
CWE | CWE-787 |
Vulnerable Configurations |
|
CVSS3 Source | nvd@nist.gov |
CVSS3 Type | Primary |
CVSS3 Vector | CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H |