{"id":"ASB-A-137284057","details":"In SurfaceFlinger::createLayer of SurfaceFlinger.cpp, there is a possible arbitrary code execution due to improper casting. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-137284057","CVE-2019-2194"],"modified":"2026-05-29T15:55:33.750044621Z","published":"2020-10-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2020-10-01"},{"type":"FIX","url":"https://android.googlesource.com/platform/frameworks/native/+/76923a32ab6ea25115b65ff86ade7235ba7b3a33"}],"affected":[{"package":{"name":"platform/frameworks/native","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"9:0"},{"fixed":"9:2020-10-01"}]}],"versions":["9"],"ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/native/+/76923a32ab6ea25115b65ff86ade7235ba7b3a33"],"vanir_signatures":[{"signature_version":"v1","digest":{"line_hashes":["295989999399011492101666861141714915013","315488111032126050778635536449358085636","15858448146814839372082332464563811561","313470107994509140792639498939639838925"],"threshold":0.9},"signature_type":"Line","target":{"file":"services/surfaceflinger/SurfaceFlinger.cpp"},"deprecated":false,"id":"ASB-A-137284057-76b0a98b","source":"https://android.googlesource.com/platform/frameworks/native/+/76923a32ab6ea25115b65ff86ade7235ba7b3a33"},{"signature_version":"v1","digest":{"function_hash":"117679393179474112100511435737374720560","length":445},"signature_type":"Function","target":{"function":"SurfaceFlinger::onLayerRemoved","file":"services/surfaceflinger/SurfaceFlinger.cpp"},"deprecated":false,"id":"ASB-A-137284057-def13afe","source":"https://android.googlesource.com/platform/frameworks/native/+/76923a32ab6ea25115b65ff86ade7235ba7b3a33"}],"severity":"Moderate","types":["EoP"],"spl":"2020-10-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-137284057.json"}}],"schema_version":"1.7.5"}