CVE-2019-2034

HIGH

Android 7.0-9 - Local Privilege Escalation via Integer Overflow in rw_i93_sm_read_ndef

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-2034. PoCs published by codecat007.

AI-analyzed exploit summary: This repository contains a functional PoC for CVE-2019-2034, an NFC-related vulnerability in Android. It includes modified code for Proxmark3 to simulate an ISO 15693 card, triggering a SIGSEGV crash in the NFC service.

Description

In rw_i93_sm_read_ndef of rw_i93.cc, there is a possible out-of-bounds write due to an integer overflow. This could lead to local escalation of privilege in the NFC process with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-122035770.

Exploits (1)

github WORKING POC 8 stars
by codecat007 · cpoc
https://github.com/codecat007/cvehub/tree/main/android/CVE-2019-2034

Classification: Working PoC 90%
Attack Type: DoS
Complexity: Moderate
Reliability: Reliable
Target: Android NFC service (libnfc-nci.so)
No auth needed
Prerequisites: Proxmark3 hardware · Android device with NFC support
devstral-2 · analyzed Feb 27, 2026

References (1)

Core References
Patch, Vendor Advisory x_refsource_confirm
https://source.android.com/security/bulletin/2019-04-01

Scores

CVSS v3 7.8
EPSS 0.0006
EPSS Percentile 18.0%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE: CWE-190, CWE-787
Status published
Products (6)
google/android 7.0
google/android 7.1.1
google/android 7.1.2
google/android 8.0
google/android 8.1
google/android 9.0
Published Apr 19, 2019
Tracked Since Feb 18, 2026