Vulnerabilities > CVE-2019-2112 - Use After Free vulnerability in Google Android 8.0/8.1/9.0

047910
CVSS 7.2 - HIGH
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
local
low complexity
google
CWE-416

Summary

In several functions of alarm.cc, there is possible memory corruption due to a use after free. This could lead to local code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9. Android ID: A-117997080.

Vulnerable Configurations

Part Description Count
OS
Google
3

Common Weakness Enumeration (CWE)