Missing Permission Check in endCall() Function of TelecomManager.java Leads to Denial of Service Vulnerability in Android

Missing Permission Check in endCall() Function of TelecomManager.java Leads to Denial of Service Vulnerability in Android

CVE-2019-2137 · MEDIUM Severity

AV:L/AC:L/AU:N/C:N/I:N/A:C

In the endCall() function of TelecomManager.java, there is a possible Denial of Service due to a missing permission check. This could lead to local denial of access to Emergency Services with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-132438333.

Learn more about our Cis Benchmark Audit For Google Android.