CVE-2018-9487

Published: Nov 20, 2024Modified: Dec 19, 2024

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

In setVpnForcedLocked of Vpn.java, there is a possible blocking of internet traffic through vpn due to a bad uid check. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation.

Affected (3)

Products: Google: Android

Google

1 product

Android

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Google Android	Version 8.0
Google Android	Version 8.1
Google Android	Version 9.0

References (1)

https://source.android.com/security/bulletin/2018-09-01

Source: security@android.com

PatchVendor Advisory

Timeline

No history available yet.