ID CVE-2019-2206
Summary In rw_i93_sm_set_read_only of rw_i93.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution over NFC with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-139188579
References
Vulnerable Configurations
  • cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*
    cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*
  • cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*
    cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*
  • cpe:2.3:o:google:android:9.0:*:*:*:*:*:*:*
    cpe:2.3:o:google:android:9.0:*:*:*:*:*:*:*
  • cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:*
    cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:*
CVSS
Base: 9.3 (as of 15-11-2019 - 13:14)
Impact:
Exploitability:
CWE CWE-787
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:M/Au:N/C:C/I:C/A:C
refmap via4
misc https://source.android.com/security/bulletin/2019-11-01
Last major update 15-11-2019 - 13:14
Published 13-11-2019 - 18:15
Last modified 15-11-2019 - 13:14
Back to Top