ID CVE-2019-2050 Type cve Reporter cve@mitre.org Modified 2019-05-09T18:35:00
Description
In tearDownClientInterface of WificondControl.java, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-8.0 Android-8.1 Android-9 Android ID: A-121327323
{"threatpost": [{"lastseen": "2020-04-18T12:18:47", "bulletinFamily": "info", "cvelist": ["CVE-2018-11271", "CVE-2018-11940", "CVE-2018-11955", "CVE-2018-11976", "CVE-2018-12004", "CVE-2018-13886", "CVE-2018-13887", "CVE-2018-13898", "CVE-2018-13908", "CVE-2018-13910", "CVE-2018-5912", "CVE-2018-6243", "CVE-2019-2029", "CVE-2019-2043", "CVE-2019-2044", "CVE-2019-2045", "CVE-2019-2046", "CVE-2019-2047", "CVE-2019-2049", "CVE-2019-2050", "CVE-2019-2051", "CVE-2019-2052", "CVE-2019-2053", "CVE-2019-2054", "CVE-2019-2250", "CVE-2019-2256"], "description": "Google patched four remote code-execution (RCE) flaws as part of its [May Android Security Bulletin](<https://source.android.com/security/bulletin/2019-05-01.html>).\n\nThree of the critical bugs are tied to the System portion of the Android platform architecture, responsible for core apps such as the dialer, email and camera.\n\nA fourth critical RCE bug opens the door for an attack on the Android operating system\u2019s Media framework.\n\nOther details of the patches haven\u2019t been disclosed, but in all, the four patches ([CVE-2019-2045](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2045>), [CVE-2019-2046](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2046>), [CVE-2019-2047](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2047>), [CVE-2019-2044](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2044>)) will be sent over the air to Google Pixel handsets over the next few days, compatible for devices running OS versions 7, 8 and 9.\n\nHowever, other devices will remain vulnerable temporarily: Patches for Android handsets made by manufacturers such as Samsung and LG should be received over the next few weeks.\n\n[](<https://threatpost.com/newsletter-sign/>) \nEarlier this week Google also released patches for 10 bugs rated high, and one ranked moderate; and it issued patches for flaws identified in third-party components from vendors such as NVIDIA, Broadcom and Qualcomm, bringing the total number of fixed CVEs to 30.\n\n## Google Retools Patch Deployment\n\nOn Tuesday, Google said its next-generation mobile operating system, Android Q, revamps the way it [delivers direct over-the-air updates](<https://threatpost.com/google-touts-android-qs-new-security-update-process-and-better-privacy-controls-for-apps/144474/>).\n\nSecurity updates have often been a [pain point for Android devices; ](<https://threatpost.com/half-of-android-devices-unpatched-last-year/124511/>)because the operating system is utilized by so many device manufacturers, [it takes time for various manufacturers to push out updates](<https://threatpost.com/android-fragmentation-sinks-patching-gains/121224/>). Those updates are delivered over-the-air, but have so far been limited to monthly updates. That\u2019s about to change with Google\u2019s efforts to streamline the patching process by creating new update-friendly modules in its OS, capable of receiving direct over-the-air patches whenever needed.\n\n## LG and Samsung Play Patch Catchup\n\nFor its part, [LG said that users will receive](<https://lgsecurity.lge.com/>) patches for patches for 89 CVEs as part of the company\u2019s May patching schedule. Twelve of the CVEs are rated critical and include those patched by Google this month. However, eight critical CVEs (CVE-2019-2029, CVE-2018-11940, CVE-2018-11976, CVE-2018-12004, CVE-2018-13886, CVE-2018-13887, CVE-2018-11271, CVE-2019-2250) appear to be unique to LG\u2019s security bulletin.\n\nSimilarly, Samsung will push out seven critical patches that include an additional three CVEs ([CVE-2018-13886, CVE-2018-11271, CVE-2018-11940](<https://security.samsungmobile.com/securityUpdate.smsb>)). In all, Samsung patched 76 bugs, compared to the 30 CVEs that Google patched that include the third-party components.\n\n## Google Thanks Researchers\n\nAs part of its May Security Bulletin, Google also thanked [researchers behind the bugs discovered](<https://source.android.com/security/overview/acknowledgements/>).\n\nChong Wang (weibo.com/csddl) of Chengdu Security Response Center, Qihoo 360 Technology Co. Ltd. \u2013 CVE-2019-2053\n\nCusas of L.O. Team \u2013 CVE-2019-2044\n\nderrek (@derrekr6) \u2013 CVE-2018-6243, CVE-2018-13898, CVE-2018-13908\n\nEvgenii Stepanov of Google \u2013 CVE-2019-2049\n\nJann Horn of Google Project Zero \u2013 CVE-2019-2054\n\nJi Zhang (@opc0nt7) and Mingjian Zhou (\u5468\u660e\u5efa) (@Mingjian_Zhou) of C0RE Team \u2013 CVE-2019-2050\n\nJoshua Steiner \u2013 CVE-2019-2043\n\nPengfei Ding (\u4e01\u9e4f\u98de) of Huawei \u2013 CVE-2018-11955\n\nWei Liu (\u5218\u709c) and Yongke Wang (\u738b\u6c38\u79d1) (@Rudykewang) of Tencent Security Xuanwu Lab (\u817e\u8baf\u5b89\u5168\u7384\u6b66\u5b9e\u9a8c\u5ba4) \u2013 CVE-2019-2045, CVE-2019-2046, CVE-2019-2047, CVE-2019-2051, CVE-2019-2052\n\nWen Guanxing of Pangu LAB \u2013 CVE-2018-13910\n\nXiling Gong of Tencent Blade Team \u2013 CVE-2018-5912, CVE-2019-2256\n", "modified": "2019-05-08T17:35:25", "published": "2019-05-08T17:35:25", "id": "THREATPOST:19E9CF168D73D45637207967CAAFE0F4", "href": "https://threatpost.com/google-critical-remote-code-execution-flaws-android/144497/", "type": "threatpost", "title": "Google Patches Critical Remote Code-Execution Flaws in Android", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}
