CVE-2019-2177 | Vulnerability Database | Aqua Security

NVD

https://nvd.nist.gov/vuln/detail/CVE-2019-2177

CWE

https://cwe.mitre.org/data/definitions/275.html

In isPreferred of HidProfile.java in Android 7.1.1, 7.1.2, 8.0, 8.1 and 9, there is a possible device type confusion due to a permissions bypass. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.

Affected Software

Name	Vendor	Start Version	End Version
Android	Google	7.1.1 (including)	7.1.1 (including)
Android	Google	7.1.2 (including)	7.1.2 (including)
Android	Google	8.0 (including)	8.0 (including)
Android	Google	8.1 (including)	8.1 (including)
Android	Google	9.0 (including)	9.0 (including)

References

https://source.android.com/security/bulletin/2019-09-01
https://source.android.com/security/bulletin/2019-09-01