Google Inc Android vulnerabilities

CVE-2018-9446 [CRITICAL] CWE-787 CVE-2018-9446: In smp_br_state_machine_event of smp_br_main.cc, there is a possible out of bounds write due to memo In smp_br_state_machine_event of smp_br_main.cc, there is a possible out of bounds write due to memory corruption. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Andro

CVE-2018-9355 [CRITICAL] CWE-787 CVE-2018-9355: In bta_dm_sdp_result of bta_dm_act.cc, there is a possible out of bounds stack write due to a missin In bta_dm_sdp_result of bta_dm_act.cc, there is a possible out of bounds stack write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Andr

CVE-2018-9422 [HIGH] CWE-416 CVE-2018-9422: In get_futex_key of futex.c, there is a use-after-free due to improper locking. This could lead to l In get_futex_key of futex.c, there is a use-after-free due to improper locking. This could lead to local escalation of privilege with no additional privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-74250718 References: Upstream kernel.

CVE-2018-9459 [HIGH] CWE-22 CVE-2018-9459: In Attachment of Attachment.java and getFilePath of EmlAttachmentProvider.java, there is a possible In Attachment of Attachment.java and getFilePath of EmlAttachmentProvider.java, there is a possible Elevation of Privilege due to a path traversal error. This could lead to a remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 A

CVE-2018-9415 [HIGH] CWE-415 CVE-2018-9415: In driver_override_store and driver_override_show of bus.c, there is a possible double free due to i In driver_override_store and driver_override_show of bus.c, there is a possible double free due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-69129004 References: Upstream kernel.

CVE-2018-9427 [HIGH] CWE-787 CVE-2018-9427: In CopyToOMX of OMXNodeInstance.cpp there is a possible out-of-bounds write due to an incorrect boun In CopyToOMX of OMXNodeInstance.cpp there is a possible out-of-bounds write due to an incorrect bounds check. This could lead to remote arbitrary code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-8.0 Android-8.1 Android ID: A-77486542.

CVE-2018-9458 [HIGH] CWE-1021 CVE-2018-9458: In computeFocusedWindow of RootWindowContainer.java, and related functions, there is possible interc In computeFocusedWindow of RootWindowContainer.java, and related functions, there is possible interception of keypresses due to focus being on the wrong window. This could lead to local escalation of privilege revealing the user's keypresses while the screen was locked with no additional execution privileges needed. User interaction is needed for explo

CVE-2018-9359 [HIGH] CWE-125 CVE-2018-9359: In process_l2cap_cmd of l2c_main.cc, there is a possible out of bounds read due to a missing bounds In process_l2cap_cmd of l2c_main.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.

CVE-2018-9450 [HIGH] CWE-787 CVE-2018-9450: In avrc_proc_vendor_command of avrc_api.cc, there is a possible out of bounds write due to a missing In avrc_proc_vendor_command of avrc_api.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8

CVE-2018-9436 [HIGH] CWE-125 CVE-2018-9436: In bnep_data_ind of bnep_main.cc, there is a possible out of bounds read due to a missing bounds che In bnep_data_ind of bnep_main.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0

CVE-2018-9358 [HIGH] CWE-125 CVE-2018-9358: In gatts_process_attribute_req of gatt_sc.cc, there is a possible read of uninitialized data due to In gatts_process_attribute_req of gatt_sc.cc, there is a possible read of uninitialized data due to a missing bounds check. This could lead to remote information disclosure in the Bluetooth process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-

CVE-2018-9489 [HIGH] CWE-200 CVE-2018-9489: When wifi is switched, function sendNetworkStateChangeBroadcast of WifiStateMachine.java broadcasts When wifi is switched, function sendNetworkStateChangeBroadcast of WifiStateMachine.java broadcasts an intent including detailed wifi network information. This could lead to information disclosure with no execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Androi

CVE-2018-9363 [HIGH] CWE-190 CVE-2018-9363: In the hidp_process_report in bluetooth, there is an integer overflow. This could lead to an out of In the hidp_process_report in bluetooth, there is an integer overflow. This could lead to an out of bounds write with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-65853588 References: Upstream kernel.

CVE-2018-9488 [HIGH] CWE-863 CVE-2018-9488: In the SELinux permissions of crash_dump.te, there is a permissions bypass due to a missing restrict In the SELinux permissions of crash_dump.te, there is a permissions bypass due to a missing restriction. This could lead to a local escalation of privilege, with System privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-8.0 Android-8.1 Android-9.0 Android ID: A-110107376.

CVE-2018-9516 [HIGH] CWE-787 CVE-2018-9516: In hid_debug_events_read of drivers/hid/hid-debug.c, there is a possible out of bounds write due to In hid_debug_events_read of drivers/hid/hid-debug.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-71361580.

CVE-2018-9385 [HIGH] CWE-787 CVE-2018-9385: In driver_override_store of bus.c, there is a possible out of bounds write due to an incorrect bound In driver_override_store of bus.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-74128061 References: Upstream kernel.

CVE-2018-9357 [HIGH] CWE-787 CVE-2018-9357: In BNEP_Write of bnep_api.cc, there is a possible out of bounds write due to an incorrect bounds che In BNEP_Write of bnep_api.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8

CVE-2018-9448 [HIGH] CWE-125 CVE-2018-9448: In avct_bcb_msg_ind of avct_bcb_act.cc, there is a possible out of bounds read due to a missing boun In avct_bcb_msg_ind of avct_bcb_act.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-8.0 Android-8.1 Android ID: A-79944113.

CVE-2018-9362 [HIGH] CWE-20 CVE-2018-9362: In processMessagePart of InboundSmsHandler.java, there is a possible remote denial of service due to In processMessagePart of InboundSmsHandler.java, there is a possible remote denial of service due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-

CVE-2018-9465 [HIGH] CWE-416 CVE-2018-9465: In task_get_unused_fd_flags of binder.c, there is a possible memory corruption due to a use after fr In task_get_unused_fd_flags of binder.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-69164715 References: Upstream kernel.