CVE-2019-9429 HIGH

Published: 2019-09-27 | Last Modified: 2026-06-17 | Status: Modified

Description

In profman, there is a possible out of bounds write due to memory corruption. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-110035108

Additional Descriptions (1)

En profman, se presenta una posible escritura fuera de límites debido a una corrupción de la memoria. Esto podría conllevar a una escalada de privilegios local sin ser necesarios privilegios de ejecución adicionales. No es requerida una interacción del usuario para su explotación. Producto: Android, Versiones: Android-10, ID de Android: A-110035108

CVSS Metrics

Base Score: 7.8 (HIGH)

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector	LOCAL
Attack Complexity	LOW
Privileges Required	LOW
User Interaction	NONE
Scope	UNCHANGED
Confidentiality Impact	HIGH
Integrity Impact	HIGH
Availability Impact	HIGH

Source: [email protected]

Type: Primary

Exploitability Score: 1.8

Impact Score: 5.9

Base Score: 4.6 (MEDIUM)

AV:L/AC:L/Au:N/C:P/I:P/A:P

Access Vector	LOCAL
Access Complexity	LOW
Authentication	NONE
Confidentiality Impact	PARTIAL
Integrity Impact	PARTIAL
Availability Impact	PARTIAL

Source: [email protected]

Type: Primary

Exploitability Score: 3.9

Impact Score: 6.4

Weaknesses

Source	Type	Description
[email protected]	Primary	en CWE-787

Affected Products

Vendor	Product	Version	Update	Type
google	android	10.0	<built-in method update of dict object at 0x72a9b0c46a00>	Operating System

Affected Configurations

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:o:google:android:10.0:::::::*`

References

https://source.android.com/security/bulletin/android-10
Source: [email protected]

Vendor Advisory
https://source.android.com/security/bulletin/android-10
Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory