CVE-2018-9384Sensitive Information Exposure in Google Android

CWE-200Sensitive Information ExposureCWE-862Missing Authorization3 documents3 sources
Severity
4.4MEDIUMNVD
EPSS
0.0%
top 99.87%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Google Android
Timeline
PublishedJan 17
Latest updateJan 18

Description

In multiple locations, there is a possible way to bypass KASLR due to an unusual root cause. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:NExploitability: 0.8 | Impact: 3.6

Affected Packages1 packages

CVEListV5google/androidAndroid Kernel

Patches

Patch: source.android.com

🔴Vulnerability Details

2
GHSA
GHSA-3w84-2h42-qpcw: In multiple locations, there is a possible way to bypass KASLR due to an unusual root cause2025-01-18
CVEList
CVE-2018-9384: In multiple locations, there is a possible way to bypass KASLR due to an unusual root cause2025-01-17
CVE-2018-9384 — Sensitive Information Exposure | cvebase