At Black Hat 2019 Tencent reveals QualPwn vulnerability which could allow over the air RCE on Android devices using Qualcomm chips
The vulnerabilities, known as QualPwn, can be chained together to first compromise the WiFi controller and then overwrite a portion of the Android Kernel.
CVE-2019-10539: is a buffer-overflow vulnerability in Qualcomm’s Wi-Fi controller firmware. This means maliciously crafted packets of data can introduce arbitrary code which is executed by the WiFi controller. It is then possible to pivot the attack and take over the connected cellular broadband modem (CVE-2019-10540) and so allow all wireless communications on the device to be captured.
CVE-2019-10538: Once malicious code has been injected into the Wifi controller, this vulnerability can be exploited to overwrite parts of the Linux kernel and potentially achieve a full device compromise.
This attack neatly demonstrates the way vulnerabilities are chained together by attackers in order to achieve a device compromise.
The Android security bulletin for August explains how to check if your Android device is vulnerable to these attacks or has been patched already.