Out-of-bounds Read Vulnerability in Android Kernel by Google
CVE-2019-2101

5.5MEDIUM

Key Information:

Vendor
Android
Status
Android
Vendor
CVE Published:
7 June 2019

Summary

A vulnerability exists in the Android kernel where improper input validation in the uvc_parse_standard_control function can lead to an out-of-bounds read. This flaw allows for potential local information disclosure, requiring no additional execution privileges or user interaction for exploitation. Users running affected versions of the Android kernel should apply the necessary patches to mitigate this risk.

Affected Version(s)

Android Android kernel

References

https://source.android.com/security/bulletin/2019-06-01
x_refsource_CONFIRM
https://lists.debian.org/debian-lts-announce/2019/07/msg0...
mailing-listx_refsource_MLIST
https://usn.ubuntu.com/4094-1/
vendor-advisoryx_refsource_UBUNTU

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.