These three critical flaws (CVE-2019-2106, CVE-2019-2107, CVE-2019-2109) exist in Android’s Media framework. This framework includes support for playing a variety of common media types, so that users can easily utilize audio, video and images.
The flaws “could enable a remote attacker using a specially crafted file to execute arbitrary code within the context of a privileged process” according to Google.
Another critical vulnerability (CVE-2019-2111) also exists in the Android operating system. The critical remote code execution flaw could allow a remote attacker using a specially crafted file to execute arbitrary code, according to the advisory.
Overall, the operating system had six other high-severity vulnerabilities, including four information disclosure flaws (CVE-2019-2116, CVE-2019-2117, CVE-2019-2118, CVE-2019-2119) and two elevation of privilege flaws (CVE-2019-2112, CVE-2019-2113).
Also patched were a high-severity information disclosure flaw (CVE-2019-2104) in the Android framework and a high-severity remote code execution vulnerability (CVE-2019-2105) in the Android library.
Qualcomm Patches
Google also patched 21 CVEs related to Qualcomm components, which are used in Android devices. Included are a slew of vulnerabilities impacting various Qualcomm components, including kernel, audio and closed-source components. These include five critical severity vulnerabilities and 16 high-severity flaws.
https://threatpost.com/google-july-android-security-bulletin-fixes-3-critical-rce-bugs/146192/