Out-of-Bounds Write Vulnerability in Android OS by Google
CVE-2019-2031

7.8HIGH

Key Information:

Vendor: Android
Status: Android
Vendor: CVE Published:; 19 April 2019

Summary

The vulnerability is located in the rw_t3t_act_handle_check_ndef_rsp function within rw_t3t.cc, where a missing bounds check results in a potential out-of-bounds write. This flaw can be exploited to escalate privileges locally without requiring any additional execution privileges. Critically, the exploitation does not involve user interaction, making it a pressing concern for devices running the affected Android versions.

Affected Version(s)

Android Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9

References

https://source.android.com/security/bulletin/2019-04-01

x_refsource_CONFIRM

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 19, 2019
Vulnerability Reserved
Dec 10, 2018