Vulnerability Name:

CVE-2019-1986 (CCN-157951)

Assigned:2018-12-10
Published:2019-02-04
Updated:2019-03-01
Summary:In SkSwizzler::onSetSampleX of SkSwizzler.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege in system_server with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-117838472.
CVSS v3 Severity:8.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
7.7 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): Required
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availability (A): High
8.6 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)
7.5 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): Required
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availability (A): High
CVSS v2 Severity:9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
6.8 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:S/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
Vulnerability Type:CWE-787
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2019-1986

Source: BID
Type: Third Party Advisory
106842

Source: CCN
Type: Google Web site
Android

Source: XF
Type: UNKNOWN
android-cve20191986-code-exec(157951)

Source: CCN
Type: Android Open Source Project
Android Security Bulletin — February 2019

Source: CONFIRM
Type: Vendor Advisory
https://source.android.com/security/bulletin/2019-02-01

Vulnerable Configuration:Configuration 1:
  • cpe:/o:google:android:9.0:*:*:*:*:*:*:*

Configuration CCN 1:
  • cpe:/o:google:android:9.0:*:*:*:*:*:*:*

* Denotes that component is vulnerable

    Vulnerability Name:

    CVE-2019-1986 (CCN-171855)

    Assigned:2018-12-10
    Published:2020-08-20
    Updated:2020-08-20
    Summary:Community Response Systems could allow a remote attacker to obtain sensitive information, caused by the local storing of credentials on the computer in unencrypted form. An attacker could exploit this vulnerability to obtain sensitive information.
    CVSS v3 Severity:8.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
    7.7 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:U/RC:R)
    Exploitability Metrics:Attack Vector (AV): Network
    Attack Complexity (AC): Low
    Privileges Required (PR): None
    User Interaction (UI): Required
    Scope:Scope (S): Unchanged
    Impact Metrics:Confidentiality (C): High
    Integrity (I): High
    Availability (A): High
    7.5 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
    6.6 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:U/RC:R)
    Exploitability Metrics:Attack Vector (AV): Network
    Attack Complexity (AC): Low
    Privileges Required (PR): None
    User Interaction (UI): None
    Scope:Scope (S): Unchanged
    Impact Metrics:Confidentiality (C): High
    Integrity (I): None
    Availability (A): None
    CVSS v2 Severity:9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
    Exploitability Metrics:Access Vector (AV): Network
    Access Complexity (AC): Medium
    Authentication (Au): None
    Impact Metrics:Confidentiality (C): Complete
    Integrity (I): Complete
    Availability (A): Complete
    7.8 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N)
    Exploitability Metrics:Access Vector (AV): Network
    Access Complexity (AC): Low
    Authentication (Au): None
    Impact Metrics:Confidentiality (C): Complete
    Integrity (I): None
    Availability (A): None
    Vulnerability Consequences:Obtain Information
    References:Source: MITRE
    Type: CNA
    CVE-2019-1986

    Source: XF
    Type: UNKNOWN
    crs-cve201919186-information-disc(171855)

    Source: CCN
    Type: Community Response Systems Web site
    Community Response Systems

    Oval Definitions
    Definition ID | Class | Title | Last Modified
    oval:com.ubuntu.bionic:def:20191986000 | V | CVE-2019-1986 on Ubuntu 18.04 LTS (bionic) - medium. | 2019-02-28
    oval:com.ubuntu.cosmic:def:201919860000000 | V | CVE-2019-1986 on Ubuntu 18.10 (cosmic) - medium. | 2019-02-28
    oval:com.ubuntu.cosmic:def:20191986000 | V | CVE-2019-1986 on Ubuntu 18.10 (cosmic) - medium. | 2019-02-28
    oval:com.ubuntu.bionic:def:201919860000000 | V | CVE-2019-1986 on Ubuntu 18.04 LTS (bionic) - medium. | 2019-02-28
    oval:com.ubuntu.trusty:def:20191986000 | V | CVE-2019-1986 on Ubuntu 14.04 LTS (trusty) - medium. | 2019-02-28
    oval:com.ubuntu.xenial:def:201919860000000 | V | CVE-2019-1986 on Ubuntu 16.04 LTS (xenial) - medium. | 2019-02-28
    oval:com.ubuntu.xenial:def:20191986000 | V | CVE-2019-1986 on Ubuntu 16.04 LTS (xenial) - medium. | 2019-02-28