CVE-2018-9492Incorrect Authorization in INC Android

CWE-863Incorrect Authorization4 documents4 sources
Severity
7.8HIGHNVD
EPSS
0.0%
top 93.09%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Google INC AndroidGoogle Android
Timeline
PublishedOct 2
Latest updateMay 13

Description

In checkGrantUriPermissionLocked of ActivityManagerService.java, there is a possible permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-8.0 Android-8.1 Android-9.0 Android ID: A-111934948

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

NVDgoogle/android8.0, 8.1, 9.0+2
CVEListV5google_inc/androidAndroid-8.0 Android-8.1 Android-9.0

Patches

Patch: android.googlesource.comPatch: android.googlesource.com

🔴Vulnerability Details

2
GHSA
GHSA-4754-5j9c-773m: In checkGrantUriPermissionLocked of ActivityManagerService2022-05-13
CVEList
CVE-2018-9492: In checkGrantUriPermissionLocked of ActivityManagerService2018-10-02

📋Vendor Advisories

1
Android
CVE-2018-9492: Android Security Bulletin 2018-10-01 CVE: CVE-2018-9492 Severity: HIGH Type: EoP Affected AOSP versions: 82018-10-01
CVE-2018-9492 — Incorrect Authorization in INC Android | cvebase