CVE-2017-13238 β€” Sensitive Information Exposure in INC Android

CWE-200 β€” Sensitive Information Exposure4 documents4 sources
Severity
4.2MEDIUMNVD
EPSS
0.0%
top 93.09%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Google INC Android
Timeline
PublishedFeb 12
Latest updateMay 14

Description

In XBLRamDump mode, there is a debug feature that can be used to dump memory contents, if an attacker has physical access to the device. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-64610940.

CVSS vector

CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 0.5 | Impact: 3.6

Affected Packages1 packages

β–ΆCVEListV5google_inc/androidAndroid kernel

πŸ”΄Vulnerability Details

2
GHSA
GHSA-2ghg-9rgq-99xh: In XBLRamDump mode, there is a debug feature that can be used to dump memory contents, if an attacker has physical access to the device↗2022-05-14
β–Ά
CVEList
CVE-2017-13238: In XBLRamDump mode, there is a debug feature that can be used to dump memory contents, if an attacker has physical access to the device↗2018-02-12
β–Ά

πŸ“‹Vendor Advisories

1
Android
CVE-2017-13238: Bootloader↗2018-02-01
β–Ά
CVE-2017-13238 β€” Sensitive Information Exposure | cvebase