ASB-A-137284057

Import Source

https://storage.googleapis.com/android-osv/ASB-A-137284057.json

Aliases

CVE-2019-2194

Published

2020-10-01T00:00:00Z

Modified

2024-04-24T14:40:06Z

Details

In SurfaceFlinger::createLayer of SurfaceFlinger.cpp, there is a possible arbitrary code execution due to improper casting. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

References

https://source.android.com/security/bulletin/2020-10-01
https://android.googlesource.com/platform/frameworks/native/+/76923a32ab6ea25115b65ff86ade7235ba7b3a33

Affected packages

Android / platform/frameworks/native

Package

Name: platform/frameworks/native

Affected ranges

Type: ECOSYSTEM
Events: Introduced

9:0

Fixed

9:2020-10-01

Affected versions

Other

Ecosystem specific

{
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/native/+/76923a32ab6ea25115b65ff86ade7235ba7b3a33"
    ],
    "spl": "2020-10-01",
    "types": [
        "EoP"
    ],
    "severity": "Moderate"
}