PT-2019-19476 · Google · Android
Publicado
2019-09-05
·
Atualizado
2021-07-21
·
CVE-2019-9254
CVSS v3.1
7.8
Alta
| Vetor | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Android version 10
Description
The issue is related to a possible command injection in the
readArgumentList function of zygote.java due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Recommendations
For Android version 10, consider restricting access to the
readArgumentList function in zygote.java to minimize the risk of exploitation until a patch is available.Correção
Command Injection
RCE
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Android