CVE-2018-9365

Summary

In smp_data_received of smp_l2c.cc, there is a possible out of bounds read followed by code execution due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.

Affected Software

VendorProductVersion RangeStatus
GoogleAndrioid6affected
GoogleAndrioid6.0.1affected
GoogleAndrioid7affected
GoogleAndrioid8affected
GoogleAndrioid8.1affected
GoogleAndrioidnyc-mr1-devaffected
GoogleAndrioidnyc-mr2-devaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References