CVE-2018-9476
N/A
N/A
Summary
In avrc_pars_browsing_cmd of avrc_pars_tg.cc, there is a possible use-after-free due to improper locking. This could lead to remote escalation of privilege in the Bluetooth service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-8.0 Android-8.1 Android ID: A-109699112
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Google Inc. | Android | Android-8.0 Android-8.1 | affected |
Weaknesses
- Elevation of privilege
ADP Enrichment
CVE Program Container
Additional References
- http://www.securityfocus.com/bid/105482
- https://source.android.com/security/bulletin/2018-10-01%2C
- https://android.googlesource.com/platform/system/bt/+/dd28d8ddf2985d654781770c691c60b45d7f32b4
References
- http://www.securityfocus.com/bid/105482
- https://source.android.com/security/bulletin/2018-10-01%2C
- https://android.googlesource.com/platform/system/bt/+/dd28d8ddf2985d654781770c691c60b45d7f32b4
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.