CVE-2019-9254
HIGHAndroid 10 - Local Privilege Escalation via Improper Input Validation in zygote.java
Title source: llmDescription
In readArgumentList of zygote.java in Android 10, there is a possible command injection due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_misc
https://source.android.com/security/bulletin/2019-09-01
Scores
CVSS v3
7.8
EPSS
0.0042
EPSS Percentile
33.9%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-20
CWE-77
Status
published
Products (1)
google/android
10.0
Published
Sep 05, 2019
Tracked Since
Feb 18, 2026