CVE-2018-9422 - In get_futex_key of futex.c, there is a use-after-free due to improper locking. This could lead to l

CVE-2018-9422

Summary

In get_futex_key of futex.c, there is a use-after-free due to improper locking. This could lead to local escalation of privilege with no additional privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-74250718 References: Upstream kernel.

References

Vulnerable Configurations

cpe:2.3:o:google:android:-:*:*:*:*:*:*:*
cpe:2.3:o:google:android:-:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

CVSS

Base:	7.2 (as of 19-08-2019 - 20:15)
Impact:
Exploitability:

CWE

CWE-416

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:L/AC:L/Au:N/C:C/I:C/A:C

refmap via4

confirm	https://source.android.com/security/bulletin/2018-07-01
misc	https://bugzilla.suse.com/show_bug.cgi?id=1102001&_ga=2.244341506.661832603.1561012452-1774095668.1553066022
mlist	[debian-lts-announce] 20180714 [SECURITY] [DLA 1422-1] linux security update [debian-lts-announce] 20180715 [SECURITY] [DLA 1422-2] linux security update

Last major update

19-08-2019 - 20:15

Published

06-11-2018 - 17:29

Last modified

19-08-2019 - 20:15