PT-2020-9575 · Microvirt · Memu

Published: 2020-02-10 · Updated: 2020-02-13 · CVE-2019-14514

CVSS v2.0: 10 (Critical)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: Microvirt MEmu versions prior to 7.0.2
Description: An issue was discovered in Microvirt MEmu where the guest Android operating system contains a /system/bin/systemd binary that runs with root privileges on startup. This binary opens TCP port 21509 to receive installation-related commands from the host OS. Because the input that follows the installer:uninstall command is concatenated directly into a system() call, it is possible to execute arbitrary commands by supplying shell metacharacters.
Recommendations: For versions prior to 7.0.2, update to version 7.0.2 or later to resolve the issue. As a temporary workaround, consider restricting access to TCP port 21509 to minimize the risk of exploitation.
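
Example (added here, not MEmu's code or the vendor's fix): the concatenation pattern from the description next to a hardened handler that validates the package name and builds an argv[] for execv() instead of a shell string. The message framing, the `pm uninstall` command line and all function names are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Assumed wire format; the advisory names only the command, not its framing. */
#define CMD "installer:uninstall "

/* Vulnerable pattern: the argument is pasted into a string meant for system(),
   so /bin/sh interprets any metacharacters in it. Nothing is executed here. */
int build_shell_command_unsafe(const char *msg, char *out, size_t outlen) {
    if (strncmp(msg, CMD, strlen(CMD)) != 0) return -1;
    int n = snprintf(out, outlen, "pm uninstall %s", msg + strlen(CMD));
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

/* Allowlist: dot-separated segments of [A-Za-z0-9_], each starting with a letter. */
int is_valid_package_name(const char *s) {
    size_t len = strlen(s);
    int seg_start = 1;
    if (len == 0 || len > 255) return 0;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)s[i];
        if (c == '.') { if (seg_start) return 0; seg_start = 1; continue; }
        if (seg_start && !isalpha(c)) return 0;
        if (!isalnum(c) && c != '_') return 0;
        seg_start = 0;
    }
    return !seg_start; /* reject a trailing dot */
}

/* Hardened pattern: validate first, then fill an argv[] for execv(); no shell parses it. */
int build_uninstall_argv(const char *msg, const char *argv[4]) {
    if (strncmp(msg, CMD, strlen(CMD)) != 0) return -1;
    const char *pkg = msg + strlen(CMD);
    if (!is_valid_package_name(pkg)) return -1;
    argv[0] = "/system/bin/pm"; argv[1] = "uninstall"; argv[2] = pkg; argv[3] = NULL;
    return 0;
}

int main(void) {
    const char *msg = "installer:uninstall com.example.app;id"; /* constructed input */
    const char *argv[4];
    char cmd[128];
    if (build_shell_command_unsafe(msg, cmd, sizeof cmd) == 0)
        printf("unsafe string for system(): %s\n", cmd);
    printf("hardened handler: %s\n", build_uninstall_argv(msg, argv) == 0 ? "accepted" : "rejected");
    return 0;
}
```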

Exploit

Fix

OS Command Injection

Weakness Enumeration

Related Identifiers

CVE-2019-14514

Affected Products

Memu