# |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
101 |
CVE-2018-9562 |
125 |
|
|
2018-12-06 |
2019-01-02 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
In bta_ag_do_disc of bta_ag_sdp.cc, there is a possible out-of-bound read due to an incorrect parameter size. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-113164621. |
102 |
CVE-2018-9560 |
787 |
|
|
2018-12-06 |
2018-12-31 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
In HID_DevAddRecord of hidd_api.cc, there is a possible out-of-bounds write due to a missing bounds check. This could lead to local escalation of privilege in the Bluetooth service with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-79946737. |
103 |
CVE-2018-9559 |
787 |
|
|
2018-12-06 |
2019-01-02 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
In persist_set_key and other functions of cryptfs.cpp, there is a possible out-of-bounds write due to an uncaught error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-112731440. |
104 |
CVE-2018-9558 |
787 |
|
|
2018-12-06 |
2019-01-02 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
In rw_t2t_handle_tlv_detect of rw_t2t_ndef.cc, there is a possible out-of-bounds write due to a missing bounds check. This could lead to local escalation of privilege in the NFC kernel with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-112161557. |
105 |
CVE-2018-9557 |
416 |
|
|
2018-12-06 |
2019-01-02 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
In really_install_package of install.cpp, there is a possible free of arbitrary memory due to uninitialized data. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2. Android ID: A-35385357. |
106 |
CVE-2018-9556 |
787 |
|
Overflow |
2018-12-06 |
2019-01-02 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
In ParsePayloadHeader of payload_metadata.cc, there is a possible out of bounds write due to an integer overflow. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-113118184. |
107 |
CVE-2018-9555 |
787 |
|
|
2018-12-06 |
2019-01-02 |
8.3 |
None |
Local Network |
Low |
Not required |
Complete |
Complete |
Complete |
In l2c_lcc_proc_pdu of l2c_fcr.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-112321180. |
108 |
CVE-2018-9554 |
200 |
|
Bypass +Info |
2018-12-06 |
2019-01-02 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
In dumpExtractors of IMediaExtractor.cp, there is a possible disclosure of recently accessed media files due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1. Android ID: A-114770654. |
109 |
CVE-2018-9553 |
415 |
|
Exec Code |
2018-12-06 |
2019-01-02 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
In MasteringMetadata::Parse of mkvparser.cc there is a possible double free due to an insecure default value. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-116615297. |
110 |
CVE-2018-9552 |
787 |
|
|
2018-12-06 |
2019-01-02 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
In ihevcd_sao_shift_ctb of ihevcd_sao.c there is a possible out of bounds write due to missing bounds check. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-113260892. |
111 |
CVE-2018-9551 |
787 |
|
Exec Code |
2018-12-06 |
2019-01-02 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
In CAacDecoder_Init of aacdecoder.cpp, there is a possible out-of-bound write due to a missing bounds check. This could lead to remote code execution in the media server with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112891548. |
112 |
CVE-2018-9550 |
787 |
|
Exec Code |
2018-12-06 |
2019-01-03 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
In CAacDecoder_Init of aacdecoder.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112660981. |
113 |
CVE-2018-9549 |
787 |
|
Exec Code |
2018-12-06 |
2019-01-03 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
In lppTransposer of lpp_tran.cpp there is a possible out of bounds write due to missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-112160868. |
114 |
CVE-2018-9548 |
275 |
|
Bypass |
2018-12-06 |
2019-01-03 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
In multiple functions of ContentProvider.java, there is a possible permission bypass due to a missing URI validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-112555574. |
115 |
CVE-2018-9547 |
20 |
|
|
2018-12-06 |
2019-01-03 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
In unflatten of GraphicBuffer.cpp, there is a possible bad fd close due to improper input validation. This could lead to local escalation of privilege in the system server with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.1 Android-9. Android ID: A-114223584. |
116 |
CVE-2018-9545 |
787 |
|
|
2018-11-14 |
2018-12-17 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
In BTA_HdRegisterApp of bta_hd_api.cc, there is a possible out-of-bound write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-113111784 |
117 |
CVE-2018-9544 |
125 |
|
|
2018-11-14 |
2018-12-17 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
In register_app of btif_hd.cc, there is a possible out-of-bounds read due to a missing bounds check. This could lead to local information disclosure in the Bluetooth service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-113037220 |
118 |
CVE-2018-9543 |
264 |
|
|
2018-11-14 |
2018-12-17 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
In trim_device of f2fs_format_utils.c, it is possible that the data partition is not wiped during a factory reset. This could lead to local information disclosure after factory reset with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-112868088. |
119 |
CVE-2018-9542 |
125 |
|
|
2018-11-14 |
2018-12-17 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
In avrc_pars_vendor_rsp of avrc_pars_ct.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-111896861 |
120 |
CVE-2018-9541 |
125 |
|
|
2018-11-14 |
2018-12-27 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
In avrc_pars_vendor_rsp of avcr_pars_ct.cc, there is a possible out-of-bounds read due to a missing bounds check. This could lead to remote information disclosure in the Bluetooth service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-111450531 |
121 |
CVE-2018-9540 |
125 |
|
|
2018-11-14 |
2018-12-17 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
In avrc_ctrl_pars_vendor_rsp of avrc_pars_ct.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-111450417 |
122 |
CVE-2018-9539 |
362 |
|
|
2018-11-14 |
2018-12-17 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
In the ClearKey CAS descrambler, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9. Android ID: A-113027383 |
123 |
CVE-2018-9538 |
125 |
|
Exec Code |
2018-12-06 |
2019-01-02 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
In V4L2SliceVideoDecodeAccelerator::Dequeue of v4l2_slice_video_decode_accelerator.cc, there is a possible out of bounds read of a function pointer due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.1 Android-9. Android ID: A-112181526. |
124 |
CVE-2018-9537 |
787 |
|
Exec Code |
2018-11-14 |
2018-12-27 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
In CAacDecoder_DecodeFrame of aacdecode.cpp, there is a possible out-of-bounds write due to a missing bounds check. This could lead to remote code execution in the media server with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112891564 |
125 |
CVE-2018-9536 |
787 |
|
Exec Code |
2018-11-14 |
2018-12-14 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
In numerous functions of libFDK, there are possible out of bounds writes due to incorrect bounds checks. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112662184 |
126 |
CVE-2018-9535 |
787 |
|
Exec Code |
2018-11-14 |
2018-12-14 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
In ixheaacd_reset_acelp_data_fix of ixheaacd_lpc.c there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112858010 |
127 |
CVE-2018-9534 |
787 |
|
Exec Code |
2018-11-14 |
2018-12-14 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
In ixheaacd_mps_getstridemap of ixheaacd_mps_parse.c there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112857941 |
128 |
CVE-2018-9533 |
119 |
|
Exec Code Overflow |
2018-11-14 |
2018-12-14 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
In ixheaacd_dec_data_init of ixheaacd_create.c there is a possible out of write read due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112766520 |
129 |
CVE-2018-9532 |
787 |
|
Exec Code |
2018-11-14 |
2018-12-14 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
In ixheaacd_extract_frame_info_ld of ixheaacd_env_extr.c there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112765917 |
130 |
CVE-2018-9531 |
787 |
|
Exec Code |
2018-11-14 |
2018-12-14 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
In AudioSpecificConfig_Parse of tpdec_asc.cpp, there is a possible out-of-bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112661641 |
131 |
CVE-2018-9530 |
787 |
|
Exec Code |
2018-11-14 |
2018-12-14 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
In ixheaacd_tns_ar_filter_dec of ixheaacd_aac_tns.c there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112609715 |
132 |
CVE-2018-9529 |
787 |
|
Exec Code |
2018-11-14 |
2018-12-14 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
In ixheaacd_individual_ch_stream of ixheaacd_channel.c there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112551874 |
133 |
CVE-2018-9528 |
787 |
|
Exec Code |
2018-11-14 |
2018-12-14 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
In ixheaacd_over_lap_add1_armv8 of ixheaacd_overlap_add1.s there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112551721 |
134 |
CVE-2018-9527 |
787 |
|
Exec Code |
2018-11-14 |
2018-12-14 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
In vorbis_book_decodev_set of codebook.c there is a possible out of bounds write due to missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-112159345 |
135 |
CVE-2018-9526 |
200 |
|
+Info |
2018-11-14 |
2018-12-14 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
In device configuration data, there is an improperly configured setting. This could lead to remote disclosure of device location. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112159033 |
136 |
CVE-2018-9525 |
275 |
|
Bypass |
2018-11-14 |
2018-12-27 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
In the AndroidManifest.xml file defining the SliceBroadcastReceiver handler for com.android.settings.slice.action.WIFI_CHANGED, there is a possible permissions bypass due to a confused deputy. This could lead to local escalation of privilege, allowing a local attacker to change device settings, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-111330641 |
137 |
CVE-2018-9524 |
264 |
|
|
2018-11-14 |
2018-12-27 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
In functionality implemented in System UI, there are insufficient protections implemented around overlay windows. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1. Android ID: A-34170870 |
138 |
CVE-2018-9523 |
20 |
|
|
2018-11-14 |
2018-12-27 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
In Parcel.writeMapInternal of Parcel.java, there is a possible parcel serialization/deserialization mismatch due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-112859604 |
139 |
CVE-2018-9522 |
787 |
|
|
2018-11-14 |
2018-12-27 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
In the serialization functions of StatsLogEventWrapper.java, there is a possible out-of-bounds write due to unnecessary functionality which may be abused. This could lead to local escalation of privilege in the system process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112550251 |
140 |
CVE-2018-9521 |
787 |
|
Exec Code |
2018-11-14 |
2018-12-27 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
In parseMPEGCCData of NuPlayer2CCDecoder.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution in an unprivileged process with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-111874331 |
141 |
CVE-2018-9519 |
362 |
|
|
2018-12-07 |
2019-01-08 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
In easelcomm_hw_build_scatterlist, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege with System privileges required. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-69808833. |
142 |
CVE-2018-9518 |
787 |
|
Exec Code |
2018-12-07 |
2019-01-02 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
In nfc_llcp_build_sdreq_tlv of llcp_commands.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-73083945. |
143 |
CVE-2018-9517 |
416 |
|
Mem. Corr. |
2018-12-07 |
2019-01-08 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
In pppol2tp_connect, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-38159931. |
144 |
CVE-2018-9516 |
787 |
|
|
2018-11-06 |
2018-12-12 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
In hid_debug_events_read of drivers/hid/hid-debug.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-71361580. |
145 |
CVE-2018-9515 |
264 |
|
Mem. Corr. |
2018-10-02 |
2018-11-20 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
In sdcardfs_create and sdcardfs_mkdir of inode.c, there is a possible memory corruption due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-111641492 References: N/A |
146 |
CVE-2018-9514 |
416 |
|
|
2018-10-02 |
2018-12-20 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
In sdcardfs_open of file.c, there is a possible Use After Free due to an unusual root cause. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-111642636 References: N/A |
147 |
CVE-2018-9513 |
415 |
|
Mem. Corr. |
2018-10-02 |
2018-11-20 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
In copy_process of fork.c, there is possible memory corruption due to a double free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-111081202 References: N/A |
148 |
CVE-2018-9511 |
254 |
|
DoS |
2018-10-02 |
2018-11-20 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
In ipSecSetEncapSocketOwner of XfrmController.cpp, there is a possible failure to initialize a security feature due to uninitialized data. This could lead to local denial of service of IPsec on sockets with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-9.0 Android ID: A-111650288 |
149 |
CVE-2018-9510 |
200 |
|
+Info |
2018-10-02 |
2018-11-20 |
6.1 |
None |
Local Network |
Low |
Not required |
Complete |
None |
None |
In smp_proc_enc_info of smp_act.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-111937065 |
150 |
CVE-2018-9509 |
200 |
|
+Info |
2018-10-02 |
2018-11-20 |
6.1 |
None |
Local Network |
Low |
Not required |
Complete |
None |
None |
In smp_proc_master_id of smp_act.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-111937027 |