CVE-2019-9472

Summary

In DCRYPTO_equals of compare.c, there is a possible timing attack due to improperly used crypto. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-130237611

Affected Software

VendorProductVersion RangeStatus
n/aAndroidAndroid kernelaffected

Weaknesses

  • Information disclosure

ADP Enrichment

CVE Program Container

Additional References

References