CVE-2019-2027

HIGH

Android -7.x-9.x - RCE

Title source: llm

Description

In floor0_inverse1 of floor0.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-119120561.

Exploits (1)

github WRITEUP 8 stars

by codecat007 · cpoc

https://github.com/codecat007/cvehub/tree/main/android/CVE-2019-2027

View Code ZIP pw:eip

References (1)

[Patch, Vendor Advisory] https://source.android.com/security/bulletin/2019-04-01

Scores

CVSS v3 8.8

EPSS 0.0034

EPSS Percentile 56.5%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Classification

CWE

CWE-787

Status published

Affected Products (6)

google/android

Timeline

Published Apr 19, 2019

Tracked Since Feb 18, 2026