CVE-2018-9339

Published: Nov 19, 2024Modified: Nov 22, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

In writeTypedArrayList and readTypedArrayList of Parcel.java, there is a possible escalation of privilege due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Affected (2)

Products: Google: Android

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Google Android	Version 8.0
Google Android	Version 8.1

Related CWEs

Incorrect Type Conversion or Cast

The product does not correctly convert an object, resource, or structure from one type to a different type.

Access of Resource Using Incompatible Type ('Type Confusion')

The product allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type.

References (1)

https://source.android.com/security/bulletin/2018-06-01

Source: security@android.com

PatchVendor Advisory

Timeline

No history available yet.