CVE-2019-2178

HIGH

Android 7.1.1-9 - Out-of-bounds Write in rw_t4t_sm_read_ndef

Title source: llm
STIX 2.1

Description

In rw_t4t_sm_read_ndef of rw_t4t in Android 7.1.1, 7.1.2, 8.0, 8.1 and 9, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege in the NFC service with no additional execution privileges needed. User interaction is not needed for exploitation.

References (1)

Core 1
Core References
Patch, Vendor Advisory x_refsource_misc
https://source.android.com/security/bulletin/2019-09-01

Scores

CVSS v3 7.8
EPSS 0.0019
EPSS Percentile 8.7%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-787
Status published
Products (5)
google/android 7.1.1
google/android 7.1.2
google/android 8.0
google/android 8.1
google/android 9.0
Published Sep 05, 2019
Tracked Since Feb 18, 2026