Eleven critical Android bugs were patched as part of Google’s March Security Update. Three of them were tied to Android’s media framework and core system, while the others were related to faulty Qualcomm chip components.
Out of those critical bugs, Google patched three critical remote code-execution (RCE) bugs, including two critical media framework vulnerabilities (CVE-2019-1989 and CVE-2019-1990) that impact Android 7.0 (Nougat) and after.
While CVE data isn’t yet available, a technical description posted on The LineageOS Project website indicates that both of these are tied to the Android’s video-control API commands.
