CVE-2019-9464
MEDIUMAndroid 10 - Incorrect Permission Assignment for Critical Resource in Location Access Warning
Title source: llmDescription
In various functions of RecentLocationApps.java, DevicePolicyManagerService.java, and RecognitionService.java, there is an incorrect warning indicating an app accessed the user's location. This could dissolve the trust in the platform's permission system, with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-141028068
References (1)
Core 1
Core References
Patch, Vendor Advisory x_refsource_misc
https://source.android.com/security/bulletin/2019-12-01
Scores
CVSS v3
5.5
EPSS
0.0036
EPSS Percentile
27.6%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Details
CWE
CWE-732
Status
published
Products (1)
google/android
10.0
Published
Dec 06, 2019
Tracked Since
Feb 18, 2026