CVE-2019-2024

HIGH

Android - Use-After-Free in em28xx_dvb

Title source: llm
STIX 2.1

Description

In em28xx_unregister_dvb of em28xx-dvb.c, there is a possible use after free issue. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-111761954References: Upstream kernel

References (3)

Core 3
Core References
Vendor Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/4094-1/
Vendor Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/4118-1/

Scores

CVSS v3 7.8
EPSS 0.0022
EPSS Percentile 12.6%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-416
Status published
Products (1)
google/android
Published Jun 19, 2019
Tracked Since Feb 18, 2026