CVE-2019-2116

Name of the Vulnerable Software and Affected Versions Android versions 7.0 through 9

Description A possible out-of-bound read due to a missing bounds check in the save attr seq function of sdp discovery.cc could lead to remote information disclosure. No additional execution privileges are needed, and user interaction is not required for exploitation.

Recommendations For Android versions 7.0 through 9, apply the necessary patch to fix the missing bounds check in the save attr seq function of sdp discovery.cc. As a temporary workaround, consider restricting access to the affected function until a patch is available.