2 matches found
CVE-2019-2218
In createSessionInternal of PackageInstallerService.java, there is a possible improper permission grant due to a missing permission check. This could lead to local escalation of privilege by installing malicious packages with User execution privileges needed. User interaction is not needed for...
CVE-2019-2218
CVE-2019-2218 affects Android Framework (PackageInstallerService.java) with a missing permission check in createSessionInternal, enabling local elevation of privilege by installing malicious packages. Exploitation is local with no user interaction required and could grant complete confidentiality...