CVE-2018-9483Use After Free in Google Android

CWE-416Use After FreeCWE-125Out-of-bounds Read3 documents3 sources
Severity
6.5MEDIUMNVD
EPSS
0.3%
top 44.40%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Google Android
Timeline
PublishedNov 20

Description

In bta_dm_remove_sec_dev_entry of bta_dm_act.cc, there is a possible out of bounds read due to a use after free. This could lead to remote information disclosure over bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages3 packages

CVEListV5google/android5 versions+4
NVDgoogle/android6 versions+5

Patches

Patch: source.android.com

🔴Vulnerability Details

1
GHSA
GHSA-hpv6-625j-5g5j: In bta_dm_remove_sec_dev_entry of bta_dm_act2024-11-20

📋Vendor Advisories

1
Android
CVE-2018-9483: Android Security Bulletin 2018-09-01 CVE: CVE-2018-9483 Severity: HIGH Type: ID Affected AOSP versions: 72018-09-01