CVE-2018-9471Type Confusion in Google Android

CWE-843Type ConfusionCWE-787Out-of-bounds Write3 documents3 sources
Severity
7.8HIGHNVD
EPSS
0.1%
top 66.00%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Google Android
Timeline
PublishedNov 20

Description

In the deserialization constructor of NanoAppFilter.java, there is a possible loss of data due to type confusion. This could lead to local escalation of privilege in the system server with no additional execution privileges needed. User interaction is not needed for exploitation.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages3 packages

CVEListV5google/android5 versions+4
NVDgoogle/android6 versions+5

Patches

Patch: source.android.com

🔴Vulnerability Details

1
GHSA
GHSA-45c5-w4j9-w656: In the deserialization constructor of NanoAppFilter2024-11-20

📋Vendor Advisories

1
Android
CVE-2018-9471: Android Security Bulletin 2018-09-01 CVE: CVE-2018-9471 Severity: HIGH Type: EoP Affected AOSP versions: 72018-09-01