ID CVE-2018-9560
Summary In HID_DevAddRecord of hidd_api.cc, there is a possible out-of-bounds write due to a missing bounds check. This could lead to local escalation of privilege in the Bluetooth service with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-79946737.
References
Vulnerable Configurations
  • cpe:2.3:o:google:android:9
    cpe:2.3:o:google:android:9
CVSS
Base: 4.6
Impact:
Exploitability:
CWE CWE-787
CAPEC
refmap via4
bid 106147
confirm https://source.android.com/security/bulletin/2018-12-01
Last major update 06-12-2018 - 09:29
Published 06-12-2018 - 09:29
Last modified 31-12-2018 - 15:51
Back to Top