Vulnerability Details : CVE-2018-9490
In CollectValuesOrEntriesImpl of elements.cc, there is possible remote code execution due to type confusion. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-111274046
Published
2018-10-02 19:29:03
Updated
2018-12-28 19:18:55
Vulnerability category: Execute code
Products affected by CVE-2018-9490
- cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:google:android:7.1.2:*:*:*:*:*:*:*
- cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:*
- cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*
- cpe:2.3:o:google:android:9.0:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2018-9490
0.63%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 79 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2018-9490
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.3
|
HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C |
8.6
|
10.0
|
NIST | |
7.8
|
HIGH | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
1.8
|
5.9
|
NIST |
CWE ids for CVE-2018-9490
-
The product does not correctly convert an object, resource, or structure from one type to a different type.Assigned by: nvd@nist.gov (Primary)
References for CVE-2018-9490
-
http://www.securityfocus.com/bid/105484
Google Android 'Framework' Component Multiple Security VulnerabilitiesThird Party Advisory;VDB Entry
-
https://android.googlesource.com/platform/external/chromium-libpac/+/948d4753664cc4e6b33cc3de634ac8fd5f781382,
Error NOT_FOUNDPatch;Third Party Advisory
-
https://source.android.com/security/bulletin/2018-10-01,
404 | Page Not Found | Android Open Source ProjectVendor Advisory
-
https://android.googlesource.com/platform/external/v8/+/a24543157ae2cdd25da43e20f4e48a07481e6ceb
a24543157ae2cdd25da43e20f4e48a07481e6ceb - platform/external/v8 - Git at GooglePatch;Third Party Advisory
Jump to