CVE-2018-9475

Summary

In HeadsetInterface::ClccResponse of btif_hf.cc, there is a possible out of bounds stack write due to a missing bounds check. This could lead to remote escalation of privilege via Bluetooth, if the recipient has enabled SIP calls with no additional execution privileges needed. User interaction is not needed for exploitation.

Affected Software

VendorProductVersion RangeStatus
GoogleAndroid7affected
GoogleAndroid8affected
GoogleAndroid8.1affected
GoogleAndroid9affected
GoogleAndroidnyc-mr1-devaffected
GoogleAndroidnyc-mr2-devaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References