Improper Locking

CVE-2019-2119

Medium

5.5/10

Summary

In multiple functions of key_store_service.cpp, there is a possible Information Disclosure due to improper locking. This could lead to local information disclosure of protected data with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9. Android ID: A-131622568.

Attack Complexity: LOW
Attack Vector: LOCAL
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: LOW
Confidentiality Impact: HIGH
Availability Impact: NONE

CWE-667 - Improper Locking

The software does not properly acquire or release a lock on a resource, leading to unexpected resource state changes and behaviors.

References

Advisory Timeline

Published Jul 08, 2019

Improper Locking

CVE-2019-2119

Summary

CWE-667 - Improper Locking

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS