CVE-2019-9253

Name of the Vulnerable Software and Affected Versions Android versions Android-10

Description A possible storage issue in KeyStore allows symmetric keys to be stored in the Trusted Execution Environment (TEE) instead of the strongbox due to a missing strongbox flag. This could lead to local information disclosure, requiring System execution privileges for exploitation. No user interaction is needed for exploitation.

Recommendations For Android version Android-10, consider applying the fix related to the strongbox flag to ensure symmetric keys are stored securely in the strongbox instead of the TEE.