CVE-2019-2043

HIGH

Android - Privilege Escalation

Title source: llm

Description

In SmsDefaultDialog.onStart of SmsDefaultDialog.java, there is a possible escalation of privilege due to an overlay attack. This could lead to local escalation of privilege, granting privileges to a local app without the user's informed consent, with no additional privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9 Android ID: A-120484087

References (2)

[Vendor Advisory] https://source.android.com/security/bulletin/2019-05-01

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/108240

Scores

CVSS v3 7.3

EPSS 0.0001

EPSS Percentile 2.7%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Details

CWE

CWE-1188

Status published

Products (6)

google/android 7.0

google/android 7.1.1

google/android 7.1.2

google/android 8.0

google/android 8.1

google/android 9.0

Published May 08, 2019

Tracked Since Feb 18, 2026