Use-after-free vulnerability in avrcp_service.cc allows for local privilege escalation in Android Bluetooth service

CVE-2019-2049 · HIGH Severity

AV:L/AC:L/AU:N/C:C/I:C/A:C

In SendMediaUpdate and SendFolderUpdate of avrcp_service.cc, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege in the Bluetooth service with no additional execution privileges needed. User interaction is not needed for exploitation.

Product: Android
Versions: Android-9
Android ID: A-120445479