Use-after-free vulnerability in HalDeathHandlerHidl.cpp allows for local privilege escalation in Android audio server

Use-after-free vulnerability in HalDeathHandlerHidl.cpp allows for local privilege escalation in Android audio server

CVE-2019-2006 · HIGH Severity

AV:N/AC:L/AU:N/C:C/I:C/A:C

In serviceDied of HalDeathHandlerHidl.cpp, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege in the audio server with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9Android ID: A-116665972

Learn more about our Cis Benchmark Audit For Google Android.