2019-06-01 security patch level vulnerability details
In the sections below, we provide details for each of the security vulnerabilities that apply to the 2019-06-01 patch level. Vulnerabilities are grouped under the component they affect. There is a description of the issue and a table with the CVE, associated references, type of vulnerability, severity, and updated AOSP versions (where applicable). When available, we link the public change that addressed the issue to the bug ID, such as the AOSP change list. When multiple changes relate to a single bug, additional references are linked to numbers following the bug ID.
Framework
The most severe vulnerability in this section could enable a local malicious application to bypass user interaction requirements in order to gain access to additional permissions.
CVE References Type Severity Updated AOSP versions
CVE-2019-2090 A-128599183 EoP High 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9
CVE-2019-2091 A-128599660 EoP High 7.0, 7.1.1, 7.1.2, 8.0, 8.1
CVE-2019-2092 A-128599668 EoP High 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9
Media framework
The most severe vulnerability in this section could enable a remote attacker using a specially crafted file to execute arbitrary code within the context of a privileged process.
CVE References Type Severity Updated AOSP versions
CVE-2019-2093 A-119292397 RCE Critical 9
CVE-2019-2094 A-129068792 RCE Critical 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9
CVE-2019-2095 A-124232283 RCE Critical 9
CVE-2019-2096 A-123237974 [2] EoP High 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9
System
The most severe vulnerability in this section could enable a remote attacker using a specially crafted PAC file to execute arbitrary code within the context of a privileged process.
CVE References Type Severity Updated AOSP versions
CVE-2019-2097 A-117606285 RCE Critical 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9
CVE-2019-2102 A-128843052 EoP High 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9
CVE-2019-2098 A-128599467 EoP High 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9
CVE-2019-2099 A-123583388 EoP High 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9
2019-06-05 security patch level vulnerability details
In the sections below, we provide details for each of the security vulnerabilities that apply to the 2019-06-05 patch level. Vulnerabilities are grouped under the component they affect and include details such as the CVE, associated references, type of vulnerability, severity, component (where applicable), and updated AOSP versions (where applicable). When available, we link the public change that addressed the issue to the bug ID, such as the AOSP change list. When multiple changes relate to a single bug, additional references are linked to numbers following the bug ID.
Framework
The vulnerability in this section could lead to remote information disclosure with no additional execution privileges needed.
CVE References Type Severity Updated AOSP versions
CVE-2018-9526 A-112159033 [2] [3] [4] ID High 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9
Kernel components
The vulnerability in this section could enable a local malicious application to bypass operating system protections that isolate application data from other applications.
CVE References Type Severity Component
CVE-2019-2101 A-111760968* ID High UVC driver
Qualcomm components
These vulnerabilities affect Qualcomm components and are described in further detail in the appropriate Qualcomm security bulletin or security alert. The severity assessment of these issues is provided directly by Qualcomm.
CVE References Type Severity Component
CVE-2019-2269 A-123700924
QC-CR#2264429 N/A Critical WLAN HOST
CVE-2019-2287 A-114399807
QC-CR#2368791 [2] N/A Critical Video
CVE-2019-2260 A-123999895
QC-CR#2294824 N/A High Kernel
CVE-2019-2292 A-127513046
QC-CR#2327688
QC-CR#2333042 N/A High WLAN HOST
Qualcomm closed-source components
These vulnerabilities affect Qualcomm closed-source components and are described in further detail in the appropriate Qualcomm security bulletin or security alert. The severity assessment of these issues is provided directly by Qualcomm.
CVE References Type Severity Component
CVE-2018-13924 A-120486477* N/A Critical Closed-source component
CVE-2018-13927 A-120485121* N/A Critical Closed-source component
CVE-2018-13896 A-120487163* N/A High Closed-source component
CVE-2019-2243 A-122473494* N/A High Closed-source component
CVE-2019-2261 A-123998003* N/A High Closed-source component
...
[ Ссылка ]
