Google Android vulnerabilities

9,646 known vulnerabilities affecting google/android.

Total CVEs: 9,646
CISA KEV: 48 (actively exploited)
Public exploits: 89
Exploited in wild: 44
Severity breakdown: CRITICAL 883, HIGH 5184, MEDIUM 3317, LOW 260, UNKNOWN 2

Vulnerabilities

CVE-2018-9471 | HIGH | CVSS 7.8 | v7.0, v7.1.1, +9 more | 2024-11-20
CWE-843: In the deserialization constructor of NanoAppFilter.java, there is a possible loss of data due to type confusion. This could lead to local escalation of privilege in the system server with no additional execution privileges needed. User interaction is not needed for exploitation.
nvd, android
CVE-2018-9477 | HIGH | CVSS 7.8 | v8.0, v8.1, +1 more | 2024-11-20
CWE-862: In the development options section of the Settings app, there is a possible authentication bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
nvd, android
CVE-2018-9468 | HIGH | CVSS 7.1 | v7.0, v7.1.1, +9 more | 2024-11-20
In query of DownloadManager.java, there is a possible read/write of arbitrary files due to a permissions bypass. This could lead to local information disclosure and file rewriting with no additional execution privileges needed. User interaction is not needed for exploitation.
nvd, android
CVE-2024-10382 | HIGH | CVSS 7.3 | ≥ 1.4.0, < 1.7.0-beta02 | 2024-11-20
CWE-502: There exists a code execution vulnerability in the Car App Android Jetpack Library. CarAppService uses deserialization logic that allows construction of arbitrary java classes. This can lead to arbitrary code execution when combined with specific Java deserialization gadgets. An attacker needs to install a malicious application on victim's device to be
nvd
CVE-2018-9484 | HIGH | CVSS 7.5 | v7.0, v7.1.1, +9 more | 2024-11-20
CWE-125: In l2cu_send_peer_config_rej of l2c_utils.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
nvd, android
CVE-2018-9470 | HIGH | CVSS 8.8 | v7.0, v7.1.1, +9 more | 2024-11-20
CWE-787: In bff_Scanner_addOutPos of Scanner.c, there is a possible out-of-bounds write due to an incorrect bounds check. This could lead to remote escalation of privilege in an unprivileged app with no additional execution privileges needed. User interaction is needed for exploitation.
nvd, android
CVE-2018-9481 | MEDIUM | CVSS 6.5 | v8.0, v8.1, +3 more | 2024-11-20
CWE-190: In bta_hd_set_report_act of bta_hd_act.cc, there is a possible out-of-bounds read due to an integer overflow. This could lead to remote information disclosure in the Bluetooth service with no additional execution privileges needed. User interaction is not needed for exploitation.
nvd, android
CVE-2018-9480 | MEDIUM | CVSS 6.5 | v8.0, v8.1, +3 more | 2024-11-20
CWE-125: In bta_hd_get_report_act of bta_hd_act.cc, there is a possible out-of-bounds read due to improper input validation. This could lead to remote information disclosure in the Bluetooth service with no additional execution privileges needed. User interaction is not needed for exploitation.
nvd, android
CVE-2018-9487 | MEDIUM | CVSS 5.5 | v8.0, v8.1, +3 more | 2024-11-20
In setVpnForcedLocked of Vpn.java, there is a possible blocking of internet traffic through vpn due to a bad uid check. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation.
nvd, android
CVE-2018-9486 | MEDIUM | CVSS 6.5 | v7.0, v7.1.1, +9 more | 2024-11-20
CWE-125: In hidh_l2cif_data_ind of hidh_conn.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure over bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.
nvd, android
CVE-2018-9482 | MEDIUM | CVSS 6.5 | v8.0, v8.1, +3 more | 2024-11-20
CWE-190: In intr_data_copy_cb of btif_hd.cc, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure in the Bluetooth service with no additional execution privileges needed. User interaction is not needed for exploitation.
nvd, android
CVE-2018-9485 | MEDIUM | CVSS 6.5 | v7.0, v7.1.1, +9 more | 2024-11-20
CWE-125: In l2cble_process_sig_cmd of l2c_ble.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure over bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.
nvd, android
CVE-2018-9483 | MEDIUM | CVSS 6.5 | v7.0, v7.1.1, +9 more | 2024-11-20
CWE-416: In bta_dm_remove_sec_dev_entry of bta_dm_act.cc, there is a possible out of bounds read due to a use after free. This could lead to remote information disclosure over bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.
nvd, android
CVE-2017-13315 | HIGH | CVSS 7.8 | v6.0, v6.0.1, +10 more | 2024-11-19
CWE-131: In writeToParcel and createFromParcel of DcParamObject.java, there is a permission bypass due to a write size mismatch. This could lead to an elevation of privileges where the user can start an activity with system privileges, with no additional execution privileges needed. User interaction is not needed for exploitation.
nvd, android
CVE-2018-9369 | HIGH | CVSS 7.3 | vSoCVersion | 2024-11-19
CWE-276: In bootloader there is fastboot command allowing user specified kernel command line arguments. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
nvd, android
CVE-2018-9411 | HIGH | CVSS 8.8 | v8.0, v8.1, +2 more | 2024-11-19
CWE-787: In decrypt of ClearKeyCasPlugin.cpp there is a possible out-of-bounds write due to a missing bounds check. This could lead to remote arbitrary code execution with no additional execution privileges needed. User interaction is needed for exploitation.
nvd, android
CVE-2018-9338 | HIGH | CVSS 7.8 | v6.0, v6.0.1, +10 more | 2024-11-19
CWE-787: In ResStringPool::setTo of ResourceTypes.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
nvd, android
CVE-2018-9368 | HIGH | CVSS 7.8 | vSoCVersion | 2024-11-19
CWE-787: In mtkscoaudio debugfs there is a possible arbitrary kernel memory write due to missing bounds check and weakened SELinux policies. This could lead to local escalation of privilege with system execution privileges needed. User interaction is not needed for exploitation.
nvd, android
CVE-2018-9344 | HIGH | CVSS 7.8 | v8.1 | 2024-11-19
CWE-667: In several functions of DescramblerImpl.cpp, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
nvd, android
CVE-2018-9339 | HIGH | CVSS 7.8 | v8.0, v8.1, +1 more | 2024-11-19
CWE-843: In writeTypedArrayList and readTypedArrayList of Parcel.java, there is a possible escalation of privilege due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
nvd, android