CVE-2018-9557

Published: Dec 6, 2018Modified: Nov 21, 2024

7.8

Vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

In really_install_package of install.cpp, there is a possible free of arbitrary memory due to uninitialized data. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2. Android ID: A-35385357.

Affected (3)

Products: Google: Android

1 product

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Google Android	Version 7.0
Google Android	Version 7.1.1
Google Android	Version 7.1.2

Related CWEs

Release of Invalid Pointer or Reference

The product attempts to return a memory resource to the system, but it calls the wrong release function or calls the appropriate release function incorrectly.

Use of Uninitialized Resource

The product uses or accesses a resource that has not been initialized.

References (4)

http://www.securityfocus.com/bid/106147

Source: security@android.com

Third Party AdvisoryVDB Entry

https://source.android.com/security/bulletin/2018-12-01

Source: security@android.com

Vendor Advisory

http://www.securityfocus.com/bid/106147

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://source.android.com/security/bulletin/2018-12-01

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.