Device Type Confusion Vulnerability in HidProfile.java Allows Remote Code Execution
CVE-2019-2177 · MEDIUM Severity
AV:N/AC:M/AU:N/C:P/I:P/A:P
In isPreferred of HidProfile.java in Android 7.1.1, 7.1.2, 8.0, 8.1 and 9, there is a possible device type confusion due to a permissions bypass. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.
Learn more about our Cis Benchmark Audit For Google Android.