Device Type Confusion Vulnerability in HidProfile.java Allows Remote Code Execution

Device Type Confusion Vulnerability in HidProfile.java Allows Remote Code Execution

CVE-2019-2177 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:P/A:P

In isPreferred of HidProfile.java in Android 7.1.1, 7.1.2, 8.0, 8.1 and 9, there is a possible device type confusion due to a permissions bypass. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.

Learn more about our Cis Benchmark Audit For Google Android.