Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2019-AVI-045
Vulnerability from certfr_avis - Published: 2019-02-05 - Updated: 2019-02-05
De multiples vulnérabilités ont été découvertes dans Google Android. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Google Android toutes versions n\u0027int\u00e9grant pas le correctif de s\u00e9curit\u00e9 du 5 f\u00e9vrier 2019",
"product": {
"name": "Android",
"vendor": {
"name": "Google",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2018-6267",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-6267"
},
{
"name": "CVE-2018-11945",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11945"
},
{
"name": "CVE-2019-1993",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1993"
},
{
"name": "CVE-2018-11932",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11932"
},
{
"name": "CVE-2019-1992",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1992"
},
{
"name": "CVE-2018-10879",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10879"
},
{
"name": "CVE-2018-5268",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5268"
},
{
"name": "CVE-2018-5269",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5269"
},
{
"name": "CVE-2018-11820",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11820"
},
{
"name": "CVE-2018-13905",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-13905"
},
{
"name": "CVE-2019-1994",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1994"
},
{
"name": "CVE-2018-11948",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11948"
},
{
"name": "CVE-2018-11262",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11262"
},
{
"name": "CVE-2018-11864",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11864"
},
{
"name": "CVE-2017-17760",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-17760"
},
{
"name": "CVE-2019-1995",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1995"
},
{
"name": "CVE-2018-11275",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11275"
},
{
"name": "CVE-2018-11268",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11268"
},
{
"name": "CVE-2019-1996",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1996"
},
{
"name": "CVE-2016-6684",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6684"
},
{
"name": "CVE-2019-1997",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1997"
},
{
"name": "CVE-2019-1988",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1988"
},
{
"name": "CVE-2018-6268",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-6268"
},
{
"name": "CVE-2018-11921",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11921"
},
{
"name": "CVE-2018-11938",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11938"
},
{
"name": "CVE-2018-11845",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11845"
},
{
"name": "CVE-2019-2001",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2001"
},
{
"name": "CVE-2018-11289",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11289"
},
{
"name": "CVE-2018-13900",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-13900"
},
{
"name": "CVE-2018-6271",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-6271"
},
{
"name": "CVE-2019-2000",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2000"
},
{
"name": "CVE-2019-1986",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1986"
},
{
"name": "CVE-2019-1991",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1991"
},
{
"name": "CVE-2019-1998",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1998"
},
{
"name": "CVE-2018-11935",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11935"
},
{
"name": "CVE-2018-11931",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11931"
},
{
"name": "CVE-2019-1999",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1999"
},
{
"name": "CVE-2017-18009",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18009"
},
{
"name": "CVE-2018-13904",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-13904"
},
{
"name": "CVE-2018-5839",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5839"
},
{
"name": "CVE-2018-11280",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11280"
},
{
"name": "CVE-2019-1987",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1987"
}
],
"initial_release_date": "2019-02-05T00:00:00",
"last_revision_date": "2019-02-05T00:00:00",
"links": [],
"reference": "CERTFR-2019-AVI-045",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2019-02-05T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Google Android.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service et une\natteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Google Android",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Android du 4 f\u00e9vrier 2019",
"url": "https://source.android.com/security/bulletin/2019-02-01.html"
}
]
}
CVE-2019-1988 (GCVE-0-2019-1988)
Vulnerability from cvelistv5 – Published: 2019-02-28 17:00 – Updated: 2024-09-16 20:17
VLAI
EPSS
Summary
In sample6 of SkSwizzler.cpp, there is a possible out of bounds write due to improper input validation. This could lead to remote code execution in system_server with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9. Android ID: A-118372692.
Severity
No CVSS data available.
CWE
- Remote code execution
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/106842 | vdb-entryx_refsource_BID |
| https://source.android.com/security/bulletin/2019-02-01 | x_refsource_CONFIRM |
Impacted products
Date Public
2019-02-04 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T18:35:52.370Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "106842",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106842"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://source.android.com/security/bulletin/2019-02-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Android",
"vendor": "Android",
"versions": [
{
"status": "affected",
"version": "Android-8.0 Android-8.1 Android-9"
}
]
}
],
"datePublic": "2019-02-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In sample6 of SkSwizzler.cpp, there is a possible out of bounds write due to improper input validation. This could lead to remote code execution in system_server with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9. Android ID: A-118372692."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote code execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-03-01T10:57:01.000Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"name": "106842",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106842"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://source.android.com/security/bulletin/2019-02-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"DATE_PUBLIC": "2019-02-04T00:00:00",
"ID": "CVE-2019-1988",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "Android-8.0 Android-8.1 Android-9"
}
]
}
}
]
},
"vendor_name": "Android"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In sample6 of SkSwizzler.cpp, there is a possible out of bounds write due to improper input validation. This could lead to remote code execution in system_server with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9. Android ID: A-118372692."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "106842",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106842"
},
{
"name": "https://source.android.com/security/bulletin/2019-02-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2019-02-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2019-1988",
"datePublished": "2019-02-28T17:00:00.000Z",
"dateReserved": "2018-12-10T00:00:00.000Z",
"dateUpdated": "2024-09-16T20:17:33.437Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-1991 (GCVE-0-2019-1991)
Vulnerability from cvelistv5 – Published: 2019-02-28 17:00 – Updated: 2024-09-17 02:41
VLAI
EPSS
Summary
In btif_dm_data_copy of btif_core.cc, there is a possible out of bounds write due to a buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-110166268.
Severity
No CVSS data available.
CWE
- Remote code execution
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://source.android.com/security/bulletin/2019-02-01 | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/106946 | vdb-entryx_refsource_BID |
Impacted products
Date Public
2019-02-04 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T18:35:52.462Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://source.android.com/security/bulletin/2019-02-01"
},
{
"name": "106946",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106946"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Android",
"vendor": "Android",
"versions": [
{
"status": "affected",
"version": "Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9"
}
]
}
],
"datePublic": "2019-02-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In btif_dm_data_copy of btif_core.cc, there is a possible out of bounds write due to a buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-110166268."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote code execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-03-01T10:57:01.000Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://source.android.com/security/bulletin/2019-02-01"
},
{
"name": "106946",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106946"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"DATE_PUBLIC": "2019-02-04T00:00:00",
"ID": "CVE-2019-1991",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9"
}
]
}
}
]
},
"vendor_name": "Android"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In btif_dm_data_copy of btif_core.cc, there is a possible out of bounds write due to a buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-110166268."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2019-02-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2019-02-01"
},
{
"name": "106946",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106946"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2019-1991",
"datePublished": "2019-02-28T17:00:00.000Z",
"dateReserved": "2018-12-10T00:00:00.000Z",
"dateUpdated": "2024-09-17T02:41:29.598Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-1992 (GCVE-0-2019-1992)
Vulnerability from cvelistv5 – Published: 2019-02-28 17:00 – Updated: 2024-09-16 17:37
VLAI
EPSS
Summary
In bta_hl_sdp_query_results of bta_hl_main.cc, there is a possible use-after-free due to a race condition. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-116222069.
Severity
No CVSS data available.
CWE
- Remote code execution
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://source.android.com/security/bulletin/2019-02-01 | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/106946 | vdb-entryx_refsource_BID |
Impacted products
Date Public
2019-02-04 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T18:35:52.448Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://source.android.com/security/bulletin/2019-02-01"
},
{
"name": "106946",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106946"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Android",
"vendor": "Android",
"versions": [
{
"status": "affected",
"version": "Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9"
}
]
}
],
"datePublic": "2019-02-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In bta_hl_sdp_query_results of bta_hl_main.cc, there is a possible use-after-free due to a race condition. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-116222069."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote code execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-03-01T10:57:01.000Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://source.android.com/security/bulletin/2019-02-01"
},
{
"name": "106946",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106946"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"DATE_PUBLIC": "2019-02-04T00:00:00",
"ID": "CVE-2019-1992",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9"
}
]
}
}
]
},
"vendor_name": "Android"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In bta_hl_sdp_query_results of bta_hl_main.cc, there is a possible use-after-free due to a race condition. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-116222069."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2019-02-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2019-02-01"
},
{
"name": "106946",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106946"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2019-1992",
"datePublished": "2019-02-28T17:00:00.000Z",
"dateReserved": "2018-12-10T00:00:00.000Z",
"dateUpdated": "2024-09-16T17:37:57.595Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-1993 (GCVE-0-2019-1993)
Vulnerability from cvelistv5 – Published: 2019-02-28 17:00 – Updated: 2024-09-16 22:45
VLAI
EPSS
Summary
In register_app of btif_hd.cc, there is a possible memory corruption due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9. Android ID: A-119819889.
Severity
No CVSS data available.
CWE
- Elevation of privilege
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://source.android.com/security/bulletin/2019-02-01 | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/106946 | vdb-entryx_refsource_BID |
Impacted products
Date Public
2019-02-04 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T18:35:52.392Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://source.android.com/security/bulletin/2019-02-01"
},
{
"name": "106946",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106946"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Android",
"vendor": "Android",
"versions": [
{
"status": "affected",
"version": "Android-8.0 Android-8.1 Android-9"
}
]
}
],
"datePublic": "2019-02-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In register_app of btif_hd.cc, there is a possible memory corruption due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9. Android ID: A-119819889."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of privilege",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-03-01T10:57:01.000Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://source.android.com/security/bulletin/2019-02-01"
},
{
"name": "106946",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106946"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"DATE_PUBLIC": "2019-02-04T00:00:00",
"ID": "CVE-2019-1993",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "Android-8.0 Android-8.1 Android-9"
}
]
}
}
]
},
"vendor_name": "Android"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In register_app of btif_hd.cc, there is a possible memory corruption due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9. Android ID: A-119819889."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2019-02-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2019-02-01"
},
{
"name": "106946",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106946"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2019-1993",
"datePublished": "2019-02-28T17:00:00.000Z",
"dateReserved": "2018-12-10T00:00:00.000Z",
"dateUpdated": "2024-09-16T22:45:54.447Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-1994 (GCVE-0-2019-1994)
Vulnerability from cvelistv5 – Published: 2019-02-28 17:00 – Updated: 2024-09-17 00:36
VLAI
EPSS
Summary
In refresh of DevelopmentTiles.java, there is the possibility of leaving development settings accessible due to an insecure default value. This could lead to unwanted access to development settings, with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9. Android ID: A-117770924.
Severity
No CVSS data available.
CWE
- Elevation of privilege
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://source.android.com/security/bulletin/2019-02-01 | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/106946 | vdb-entryx_refsource_BID |
Impacted products
Date Public
2019-02-04 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T18:35:52.444Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://source.android.com/security/bulletin/2019-02-01"
},
{
"name": "106946",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106946"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Android",
"vendor": "Android",
"versions": [
{
"status": "affected",
"version": "Android-8.0 Android-8.1 Android-9"
}
]
}
],
"datePublic": "2019-02-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In refresh of DevelopmentTiles.java, there is the possibility of leaving development settings accessible due to an insecure default value. This could lead to unwanted access to development settings, with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9. Android ID: A-117770924."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of privilege",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-03-01T10:57:01.000Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://source.android.com/security/bulletin/2019-02-01"
},
{
"name": "106946",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106946"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"DATE_PUBLIC": "2019-02-04T00:00:00",
"ID": "CVE-2019-1994",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "Android-8.0 Android-8.1 Android-9"
}
]
}
}
]
},
"vendor_name": "Android"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In refresh of DevelopmentTiles.java, there is the possibility of leaving development settings accessible due to an insecure default value. This could lead to unwanted access to development settings, with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9. Android ID: A-117770924."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2019-02-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2019-02-01"
},
{
"name": "106946",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106946"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2019-1994",
"datePublished": "2019-02-28T17:00:00.000Z",
"dateReserved": "2018-12-10T00:00:00.000Z",
"dateUpdated": "2024-09-17T00:36:18.392Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-1995 (GCVE-0-2019-1995)
Vulnerability from cvelistv5 – Published: 2019-02-28 17:00 – Updated: 2024-09-16 23:20
VLAI
EPSS
Summary
In ComposeActivityEmail of ComposeActivityEmail.java, there is a possible way to silently attach files to an email due to a confused deputy. This could lead to local information disclosure, sending files accessible to AOSP Mail to a remote email recipient, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-32589229.
Severity
No CVSS data available.
CWE
- Information disclosure
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://source.android.com/security/bulletin/2019-02-01 | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/106946 | vdb-entryx_refsource_BID |
Impacted products
Date Public
2019-02-04 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T18:35:52.458Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://source.android.com/security/bulletin/2019-02-01"
},
{
"name": "106946",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106946"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Android",
"vendor": "Android",
"versions": [
{
"status": "affected",
"version": "Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9"
}
]
}
],
"datePublic": "2019-02-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In ComposeActivityEmail of ComposeActivityEmail.java, there is a possible way to silently attach files to an email due to a confused deputy. This could lead to local information disclosure, sending files accessible to AOSP Mail to a remote email recipient, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-32589229."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-03-01T10:57:01.000Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://source.android.com/security/bulletin/2019-02-01"
},
{
"name": "106946",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106946"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"DATE_PUBLIC": "2019-02-04T00:00:00",
"ID": "CVE-2019-1995",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9"
}
]
}
}
]
},
"vendor_name": "Android"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In ComposeActivityEmail of ComposeActivityEmail.java, there is a possible way to silently attach files to an email due to a confused deputy. This could lead to local information disclosure, sending files accessible to AOSP Mail to a remote email recipient, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-32589229."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2019-02-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2019-02-01"
},
{
"name": "106946",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106946"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2019-1995",
"datePublished": "2019-02-28T17:00:00.000Z",
"dateReserved": "2018-12-10T00:00:00.000Z",
"dateUpdated": "2024-09-16T23:20:42.094Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-1996 (GCVE-0-2019-1996)
Vulnerability from cvelistv5 – Published: 2019-02-28 17:00 – Updated: 2024-09-17 02:15
VLAI
EPSS
Summary
In avrc_pars_browse_rsp of avrc_pars_ct.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9. Android ID: A-111451066.
Severity
No CVSS data available.
CWE
- Information disclosure
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://source.android.com/security/bulletin/2019-02-01 | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/106946 | vdb-entryx_refsource_BID |
Impacted products
Date Public
2019-02-04 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T18:35:52.349Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://source.android.com/security/bulletin/2019-02-01"
},
{
"name": "106946",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106946"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Android",
"vendor": "Android",
"versions": [
{
"status": "affected",
"version": "Android-8.0 Android-8.1 Android-9"
}
]
}
],
"datePublic": "2019-02-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In avrc_pars_browse_rsp of avrc_pars_ct.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9. Android ID: A-111451066."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-03-01T10:57:01.000Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://source.android.com/security/bulletin/2019-02-01"
},
{
"name": "106946",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106946"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"DATE_PUBLIC": "2019-02-04T00:00:00",
"ID": "CVE-2019-1996",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "Android-8.0 Android-8.1 Android-9"
}
]
}
}
]
},
"vendor_name": "Android"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In avrc_pars_browse_rsp of avrc_pars_ct.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9. Android ID: A-111451066."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2019-02-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2019-02-01"
},
{
"name": "106946",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106946"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2019-1996",
"datePublished": "2019-02-28T17:00:00.000Z",
"dateReserved": "2018-12-10T00:00:00.000Z",
"dateUpdated": "2024-09-17T02:15:36.924Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-1997 (GCVE-0-2019-1997)
Vulnerability from cvelistv5 – Published: 2019-02-28 17:00 – Updated: 2024-09-16 23:40
VLAI
EPSS
Summary
In random_get_bytes of random.c, there is a possible degradation of randomness due to an insecure default value. This could lead to local information disclosure via an insecure wireless connection with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-117508900.
Severity
No CVSS data available.
CWE
- Information disclosure
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://source.android.com/security/bulletin/2019-02-01 | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/106946 | vdb-entryx_refsource_BID |
Impacted products
Date Public
2019-02-04 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T18:35:52.416Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://source.android.com/security/bulletin/2019-02-01"
},
{
"name": "106946",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106946"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Android",
"vendor": "Android",
"versions": [
{
"status": "affected",
"version": "Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9"
}
]
}
],
"datePublic": "2019-02-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In random_get_bytes of random.c, there is a possible degradation of randomness due to an insecure default value. This could lead to local information disclosure via an insecure wireless connection with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-117508900."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-03-01T10:57:01.000Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://source.android.com/security/bulletin/2019-02-01"
},
{
"name": "106946",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106946"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"DATE_PUBLIC": "2019-02-04T00:00:00",
"ID": "CVE-2019-1997",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9"
}
]
}
}
]
},
"vendor_name": "Android"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In random_get_bytes of random.c, there is a possible degradation of randomness due to an insecure default value. This could lead to local information disclosure via an insecure wireless connection with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-117508900."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2019-02-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2019-02-01"
},
{
"name": "106946",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106946"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2019-1997",
"datePublished": "2019-02-28T17:00:00.000Z",
"dateReserved": "2018-12-10T00:00:00.000Z",
"dateUpdated": "2024-09-16T23:40:56.912Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-1998 (GCVE-0-2019-1998)
Vulnerability from cvelistv5 – Published: 2019-02-28 17:00 – Updated: 2024-09-17 00:07
VLAI
EPSS
Summary
In event_handler of keymaster_app.c, there is possible resource exhaustion due to a table being lost on reboot. This could lead to local denial of service that is not fixed by a factory reset, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-116055338.
Severity
No CVSS data available.
CWE
- Denial of service
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://source.android.com/security/bulletin/2019-02-01 | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/106946 | vdb-entryx_refsource_BID |
Date Public
2019-02-04 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T18:35:52.426Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://source.android.com/security/bulletin/2019-02-01"
},
{
"name": "106946",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106946"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Android",
"vendor": "Android",
"versions": [
{
"status": "affected",
"version": "Android-9"
}
]
}
],
"datePublic": "2019-02-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In event_handler of keymaster_app.c, there is possible resource exhaustion due to a table being lost on reboot. This could lead to local denial of service that is not fixed by a factory reset, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-116055338."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-03-01T10:57:01.000Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://source.android.com/security/bulletin/2019-02-01"
},
{
"name": "106946",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106946"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"DATE_PUBLIC": "2019-02-04T00:00:00",
"ID": "CVE-2019-1998",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "Android-9"
}
]
}
}
]
},
"vendor_name": "Android"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In event_handler of keymaster_app.c, there is possible resource exhaustion due to a table being lost on reboot. This could lead to local denial of service that is not fixed by a factory reset, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-116055338."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2019-02-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2019-02-01"
},
{
"name": "106946",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106946"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2019-1998",
"datePublished": "2019-02-28T17:00:00.000Z",
"dateReserved": "2018-12-10T00:00:00.000Z",
"dateUpdated": "2024-09-17T00:07:01.556Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-1999 (GCVE-0-2019-1999)
Vulnerability from cvelistv5 – Published: 2019-02-28 17:00 – Updated: 2024-09-17 03:17
VLAI
EPSS
Summary
In binder_alloc_free_page of binder_alloc.c, there is a possible double free due to improper locking. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-120025196.
Severity
No CVSS data available.
CWE
- Elevation of privilege
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/106851 | vdb-entryx_refsource_BID |
| https://source.android.com/security/bulletin/2019-02-01 | x_refsource_CONFIRM |
| https://www.exploit-db.com/exploits/46357/ | exploitx_refsource_EXPLOIT-DB |
| https://usn.ubuntu.com/3979-1/ | vendor-advisoryx_refsource_UBUNTU |
| https://www.debian.org/security/2019/dsa-4495 | vendor-advisoryx_refsource_DEBIAN |
| https://seclists.org/bugtraq/2019/Aug/13 | mailing-listx_refsource_BUGTRAQ |
Date Public
2019-02-04 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T18:35:52.476Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "106851",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106851"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://source.android.com/security/bulletin/2019-02-01"
},
{
"name": "46357",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/46357/"
},
{
"name": "USN-3979-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3979-1/"
},
{
"name": "DSA-4495",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2019/dsa-4495"
},
{
"name": "20190812 [SECURITY] [DSA 4495-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Aug/13"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Android",
"vendor": "Android",
"versions": [
{
"status": "affected",
"version": "Android kernel"
}
]
}
],
"datePublic": "2019-02-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In binder_alloc_free_page of binder_alloc.c, there is a possible double free due to improper locking. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-120025196."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of privilege",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-12T15:06:18.000Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"name": "106851",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106851"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://source.android.com/security/bulletin/2019-02-01"
},
{
"name": "46357",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/46357/"
},
{
"name": "USN-3979-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3979-1/"
},
{
"name": "DSA-4495",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2019/dsa-4495"
},
{
"name": "20190812 [SECURITY] [DSA 4495-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Aug/13"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"DATE_PUBLIC": "2019-02-04T00:00:00",
"ID": "CVE-2019-1999",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "Android kernel"
}
]
}
}
]
},
"vendor_name": "Android"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In binder_alloc_free_page of binder_alloc.c, there is a possible double free due to improper locking. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-120025196."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "106851",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106851"
},
{
"name": "https://source.android.com/security/bulletin/2019-02-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2019-02-01"
},
{
"name": "46357",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/46357/"
},
{
"name": "USN-3979-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3979-1/"
},
{
"name": "DSA-4495",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4495"
},
{
"name": "20190812 [SECURITY] [DSA 4495-1] linux security update",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Aug/13"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2019-1999",
"datePublished": "2019-02-28T17:00:00.000Z",
"dateReserved": "2018-12-10T00:00:00.000Z",
"dateUpdated": "2024-09-17T03:17:33.855Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…