PT-2019-11516 · Lineageos · Lineageos

Zifnab06 · Published 2019-07-23 · Updated 2020-08-24 · CVE-2019-1010221

CVSS v3.1: 6.8 (Medium)
Vector: AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: LineageOS versions 16.0 and earlier
Description: The issue concerns incorrect access control. It allows an attacker with physical access to exploit the adb shell component by setting a specific property, enabling them to restart adb as root. This can be achieved by running the command adb shell setprop service.adb.root 1 in a normal adb shell session when adb is enabled.
Recommendations: For LineageOS versions 16.0 and earlier, consider disabling adb access when not needed to minimize the risk of exploitation. As a temporary workaround, restrict physical access to devices until a patch is applied. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
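
A defender-side check for the condition described above, added here as an example (it is not part of the original advisory or of LineageOS): it parses a saved `adb shell getprop` dump and flags a device where service.adb.root is 1 while adb is enabled. The function names and sample dumps are constructed for illustration; init.svc.adbd and sys.usb.config are standard Android properties that the advisory itself does not mention.

```shell
#!/bin/sh
# Audit a saved `getprop` dump; each line looks like "[name]: [value]".

# prop_value DUMP NAME -> prints the value of NAME, or nothing if unset.
prop_value() {
    printf '%s\n' "$1" | awk -v name="[$2]:" '$1 == name {
        v = substr($0, length(name) + 2)   # text after "[name]: "
        sub(/^\[/, "", v); sub(/\]$/, "", v)
        print v; exit }'
}

# audit_adb_root DUMP -> prints one status line for the device.
audit_adb_root() {
    root=$(prop_value "$1" service.adb.root)
    adbd=$(prop_value "$1" init.svc.adbd)
    usb=$(prop_value "$1" sys.usb.config)

    adb_on=no
    if [ "$adbd" = "running" ]; then adb_on=yes; fi
    case ",$usb," in *,adb,*) adb_on=yes ;; esac

    if [ "$root" = "1" ] && [ "$adb_on" = yes ]; then
        echo "FINDING: service.adb.root=1 with adb enabled"
    elif [ "$root" = "1" ]; then
        echo "WARN: service.adb.root=1 but adb is not enabled"
    elif [ "$adb_on" = yes ]; then
        echo "EXPOSED: adb enabled; disable it when not needed"
    else
        echo "OK: adb disabled"
    fi
}

# Constructed sample dumps (not taken from a real device).
SAMPLE_ROOTED='[init.svc.adbd]: [running]
[service.adb.root]: [1]
[sys.usb.config]: [mtp,adb]'
SAMPLE_CLEAN='[init.svc.adbd]: [stopped]
[sys.usb.config]: [mtp]'

audit_adb_root "$SAMPLE_ROOTED"
audit_adb_root "$SAMPLE_CLEAN"
```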

Related Identifiers

CVE-2019-1010221

Affected Products

Lineageos