Vulnerabilities > CVE-2019-2104 - Use of Uninitialized Resource vulnerability in Google Android 8.0/8.1/9.0

CVSS 5.5 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

local

low complexity

google

CWE-908

NVD

Published: 2019-07-08

Updated: 2021-07-21

Summary

In HIDL, safe_union, and other C++ structs/unions being sent to application processes, there are uninitialized fields. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9. Android ID: A-131356202

Vulnerable Configurations

Part	Description	Count
OS	Google Google Android 8.0 Google Android 8.1 Google Android 9.0	3

Common Weakness Enumeration (CWE)

CWE-908 - Use of Uninitialized Resource

The Hacker News

id	THN:3EF3D21E9E9A00B15843F5EDAA63DED1
last seen	2019-07-02
modified	2019-07-02
published	2019-07-02
reporter	The Hacker News
source	https://thehackernews.com/2019/07/android-security-update.html
title	Android July 2019 Security Update Patches 33 New Vulnerabilities

References

https://source.android.com/security/bulletin/2019-07-01