Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2018-AVI-465
Vulnerability from certfr_avis - Published: 2018-10-02 - Updated: 2018-10-02
De multiples vulnérabilités ont été découvertes dans Google Android. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, un déni de service et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Google Android toutes versions n\u0027int\u00e9grant pas le correctif de s\u00e9curit\u00e9 du 1 octobre 2018",
"product": {
"name": "Android",
"vendor": {
"name": "Google",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2018-9505",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9505"
},
{
"name": "CVE-2018-9509",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9509"
},
{
"name": "CVE-2018-9499",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9499"
},
{
"name": "CVE-2018-9473",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9473"
},
{
"name": "CVE-2017-13283",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13283"
},
{
"name": "CVE-2018-9452",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9452"
},
{
"name": "CVE-2018-9513",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9513"
},
{
"name": "CVE-2018-9496",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9496"
},
{
"name": "CVE-2018-9508",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9508"
},
{
"name": "CVE-2018-9503",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9503"
},
{
"name": "CVE-2018-9514",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9514"
},
{
"name": "CVE-2018-9492",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9492"
},
{
"name": "CVE-2018-9510",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9510"
},
{
"name": "CVE-2018-9490",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9490"
},
{
"name": "CVE-2018-9498",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9498"
},
{
"name": "CVE-2018-9504",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9504"
},
{
"name": "CVE-2018-9491",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9491"
},
{
"name": "CVE-2018-9493",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9493"
},
{
"name": "CVE-2018-9502",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9502"
},
{
"name": "CVE-2018-9511",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9511"
},
{
"name": "CVE-2018-9497",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9497"
},
{
"name": "CVE-2018-9507",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9507"
},
{
"name": "CVE-2018-9501",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9501"
},
{
"name": "CVE-2018-9476",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9476"
},
{
"name": "CVE-2018-9506",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9506"
},
{
"name": "CVE-2018-9515",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9515"
}
],
"initial_release_date": "2018-10-02T00:00:00",
"last_revision_date": "2018-10-02T00:00:00",
"links": [],
"reference": "CERTFR-2018-AVI-465",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2018-10-02T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Google Android.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire, un d\u00e9ni de service et une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Google Android",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Android du 1 octobre 2018",
"url": "https://source.android.com/security/bulletin/2018-10-01.html"
}
]
}
CVE-2018-9509 (GCVE-0-2018-9509)
Vulnerability from cvelistv5 – Published: 2018-10-02 19:00 – Updated: 2024-09-17 00:06
VLAI
EPSS
Summary
In smp_proc_master_id of smp_act.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-111937027
Severity
No CVSS data available.
CWE
- Information disclosure
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://android.googlesource.com/platform/system/… | x_refsource_MISC |
| http://www.securityfocus.com/bid/105482 | vdb-entryx_refsource_BID |
| https://source.android.com/security/bulletin/2018… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Google Inc. | Android |
Affected:
Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0
|
Date Public
2018-10-02 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:24:55.707Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://android.googlesource.com/platform/system/bt/+/198888b8e0163bab7a417161c63e483804ae8e31"
},
{
"name": "105482",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105482"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://source.android.com/security/bulletin/2018-10-01%2C"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Android",
"vendor": "Google Inc.",
"versions": [
{
"status": "affected",
"version": "Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0"
}
]
}
],
"datePublic": "2018-10-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In smp_proc_master_id of smp_act.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-111937027"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-04T09:57:01.000Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://android.googlesource.com/platform/system/bt/+/198888b8e0163bab7a417161c63e483804ae8e31"
},
{
"name": "105482",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105482"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://source.android.com/security/bulletin/2018-10-01%2C"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"DATE_PUBLIC": "2018-10-02T00:00:00",
"ID": "CVE-2018-9509",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0"
}
]
}
}
]
},
"vendor_name": "Google Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In smp_proc_master_id of smp_act.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-111937027"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://android.googlesource.com/platform/system/bt/+/198888b8e0163bab7a417161c63e483804ae8e31",
"refsource": "MISC",
"url": "https://android.googlesource.com/platform/system/bt/+/198888b8e0163bab7a417161c63e483804ae8e31"
},
{
"name": "105482",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105482"
},
{
"name": "https://source.android.com/security/bulletin/2018-10-01,",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2018-10-01,"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2018-9509",
"datePublished": "2018-10-02T19:00:00.000Z",
"dateReserved": "2018-04-05T00:00:00.000Z",
"dateUpdated": "2024-09-17T00:06:57.043Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-9510 (GCVE-0-2018-9510)
Vulnerability from cvelistv5 – Published: 2018-10-02 19:00 – Updated: 2024-09-17 02:36
VLAI
EPSS
Summary
In smp_proc_enc_info of smp_act.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-111937065
Severity
No CVSS data available.
CWE
- Information disclosure
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/105482 | vdb-entryx_refsource_BID |
| https://source.android.com/security/bulletin/2018… | x_refsource_CONFIRM |
| https://android.googlesource.com/platform/system/… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Google Inc. | Android |
Affected:
Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0
|
Date Public
2018-10-02 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:24:55.849Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "105482",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105482"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://source.android.com/security/bulletin/2018-10-01%2C"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://android.googlesource.com/platform/system/bt/+/6e4b8e505173f803a5fc05abc09f64eef89dc308"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Android",
"vendor": "Google Inc.",
"versions": [
{
"status": "affected",
"version": "Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0"
}
]
}
],
"datePublic": "2018-10-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In smp_proc_enc_info of smp_act.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-111937065"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-04T09:57:01.000Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"name": "105482",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105482"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://source.android.com/security/bulletin/2018-10-01%2C"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://android.googlesource.com/platform/system/bt/+/6e4b8e505173f803a5fc05abc09f64eef89dc308"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"DATE_PUBLIC": "2018-10-02T00:00:00",
"ID": "CVE-2018-9510",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0"
}
]
}
}
]
},
"vendor_name": "Google Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In smp_proc_enc_info of smp_act.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-111937065"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "105482",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105482"
},
{
"name": "https://source.android.com/security/bulletin/2018-10-01,",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2018-10-01,"
},
{
"name": "https://android.googlesource.com/platform/system/bt/+/6e4b8e505173f803a5fc05abc09f64eef89dc308",
"refsource": "MISC",
"url": "https://android.googlesource.com/platform/system/bt/+/6e4b8e505173f803a5fc05abc09f64eef89dc308"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2018-9510",
"datePublished": "2018-10-02T19:00:00.000Z",
"dateReserved": "2018-04-05T00:00:00.000Z",
"dateUpdated": "2024-09-17T02:36:07.667Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-9511 (GCVE-0-2018-9511)
Vulnerability from cvelistv5 – Published: 2018-10-02 19:00 – Updated: 2024-09-16 16:58
VLAI
EPSS
Summary
In ipSecSetEncapSocketOwner of XfrmController.cpp, there is a possible failure to initialize a security feature due to uninitialized data. This could lead to local denial of service of IPsec on sockets with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-9.0 Android ID: A-111650288
Severity
No CVSS data available.
CWE
- Denial of service
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/105482 | vdb-entryx_refsource_BID |
| https://source.android.com/security/bulletin/2018… | x_refsource_CONFIRM |
| https://android.googlesource.com/platform/system/… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Google Inc. | Android |
Affected:
Android-9.0
|
Date Public
2018-10-02 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:24:56.143Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "105482",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105482"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://source.android.com/security/bulletin/2018-10-01%2C"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://android.googlesource.com/platform/system/netd/+/931418b16c7197ca2df34c2a5609e49791125abe"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Android",
"vendor": "Google Inc.",
"versions": [
{
"status": "affected",
"version": "Android-9.0"
}
]
}
],
"datePublic": "2018-10-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In ipSecSetEncapSocketOwner of XfrmController.cpp, there is a possible failure to initialize a security feature due to uninitialized data. This could lead to local denial of service of IPsec on sockets with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-9.0 Android ID: A-111650288"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-04T09:57:01.000Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"name": "105482",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105482"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://source.android.com/security/bulletin/2018-10-01%2C"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://android.googlesource.com/platform/system/netd/+/931418b16c7197ca2df34c2a5609e49791125abe"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"DATE_PUBLIC": "2018-10-02T00:00:00",
"ID": "CVE-2018-9511",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "Android-9.0"
}
]
}
}
]
},
"vendor_name": "Google Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In ipSecSetEncapSocketOwner of XfrmController.cpp, there is a possible failure to initialize a security feature due to uninitialized data. This could lead to local denial of service of IPsec on sockets with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-9.0 Android ID: A-111650288"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "105482",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105482"
},
{
"name": "https://source.android.com/security/bulletin/2018-10-01,",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2018-10-01,"
},
{
"name": "https://android.googlesource.com/platform/system/netd/+/931418b16c7197ca2df34c2a5609e49791125abe",
"refsource": "MISC",
"url": "https://android.googlesource.com/platform/system/netd/+/931418b16c7197ca2df34c2a5609e49791125abe"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2018-9511",
"datePublished": "2018-10-02T19:00:00.000Z",
"dateReserved": "2018-04-05T00:00:00.000Z",
"dateUpdated": "2024-09-16T16:58:51.731Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-9513 (GCVE-0-2018-9513)
Vulnerability from cvelistv5 – Published: 2018-10-02 19:00 – Updated: 2024-09-17 01:51
VLAI
EPSS
Summary
In copy_process of fork.c, there is possible memory corruption due to a double free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-111081202 References: N/A
Severity
No CVSS data available.
CWE
- Elevation of privilege
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/105483 | vdb-entryx_refsource_BID |
| https://source.android.com/security/bulletin/2018-10-01 | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Google Inc. | Android |
Affected:
Android kernel
|
Date Public
2018-10-02 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:24:55.584Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "105483",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105483"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://source.android.com/security/bulletin/2018-10-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Android",
"vendor": "Google Inc.",
"versions": [
{
"status": "affected",
"version": "Android kernel"
}
]
}
],
"datePublic": "2018-10-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In copy_process of fork.c, there is possible memory corruption due to a double free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-111081202 References: N/A"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of privilege",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-04T09:57:01.000Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"name": "105483",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105483"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://source.android.com/security/bulletin/2018-10-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"DATE_PUBLIC": "2018-10-02T00:00:00",
"ID": "CVE-2018-9513",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "Android kernel"
}
]
}
}
]
},
"vendor_name": "Google Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In copy_process of fork.c, there is possible memory corruption due to a double free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-111081202 References: N/A"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "105483",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105483"
},
{
"name": "https://source.android.com/security/bulletin/2018-10-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2018-10-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2018-9513",
"datePublished": "2018-10-02T19:00:00.000Z",
"dateReserved": "2018-04-05T00:00:00.000Z",
"dateUpdated": "2024-09-17T01:51:35.931Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-9514 (GCVE-0-2018-9514)
Vulnerability from cvelistv5 – Published: 2018-10-02 19:00 – Updated: 2024-09-16 17:42
VLAI
EPSS
Summary
In sdcardfs_open of file.c, there is a possible Use After Free due to an unusual root cause. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-111642636 References: N/A
Severity
No CVSS data available.
CWE
- Elevation of privilege
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/105483 | vdb-entryx_refsource_BID |
| https://source.android.com/security/bulletin/2018-10-01 | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Google Inc. | Android |
Affected:
Android kernel
|
Date Public
2018-10-02 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:24:55.759Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "105483",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105483"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://source.android.com/security/bulletin/2018-10-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Android",
"vendor": "Google Inc.",
"versions": [
{
"status": "affected",
"version": "Android kernel"
}
]
}
],
"datePublic": "2018-10-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In sdcardfs_open of file.c, there is a possible Use After Free due to an unusual root cause. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-111642636 References: N/A"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of privilege",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-04T09:57:01.000Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"name": "105483",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105483"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://source.android.com/security/bulletin/2018-10-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"DATE_PUBLIC": "2018-10-02T00:00:00",
"ID": "CVE-2018-9514",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "Android kernel"
}
]
}
}
]
},
"vendor_name": "Google Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In sdcardfs_open of file.c, there is a possible Use After Free due to an unusual root cause. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-111642636 References: N/A"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "105483",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105483"
},
{
"name": "https://source.android.com/security/bulletin/2018-10-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2018-10-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2018-9514",
"datePublished": "2018-10-02T19:00:00.000Z",
"dateReserved": "2018-04-05T00:00:00.000Z",
"dateUpdated": "2024-09-16T17:42:54.580Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-9515 (GCVE-0-2018-9515)
Vulnerability from cvelistv5 – Published: 2018-10-02 19:00 – Updated: 2024-09-16 21:07
VLAI
EPSS
Summary
In sdcardfs_create and sdcardfs_mkdir of inode.c, there is a possible memory corruption due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-111641492 References: N/A
Severity
No CVSS data available.
CWE
- Elevation of privilege
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/45558/ | exploitx_refsource_EXPLOIT-DB |
| http://www.securityfocus.com/bid/105483 | vdb-entryx_refsource_BID |
| https://source.android.com/security/bulletin/2018-10-01 | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Google Inc. | Android |
Affected:
Android kernel
|
Date Public
2018-10-02 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:24:55.923Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "45558",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/45558/"
},
{
"name": "105483",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105483"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://source.android.com/security/bulletin/2018-10-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Android",
"vendor": "Google Inc.",
"versions": [
{
"status": "affected",
"version": "Android kernel"
}
]
}
],
"datePublic": "2018-10-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In sdcardfs_create and sdcardfs_mkdir of inode.c, there is a possible memory corruption due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-111641492 References: N/A"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of privilege",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T09:57:01.000Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"name": "45558",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/45558/"
},
{
"name": "105483",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105483"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://source.android.com/security/bulletin/2018-10-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"DATE_PUBLIC": "2018-10-02T00:00:00",
"ID": "CVE-2018-9515",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "Android kernel"
}
]
}
}
]
},
"vendor_name": "Google Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In sdcardfs_create and sdcardfs_mkdir of inode.c, there is a possible memory corruption due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-111641492 References: N/A"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "45558",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/45558/"
},
{
"name": "105483",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105483"
},
{
"name": "https://source.android.com/security/bulletin/2018-10-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2018-10-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2018-9515",
"datePublished": "2018-10-02T19:00:00.000Z",
"dateReserved": "2018-04-05T00:00:00.000Z",
"dateUpdated": "2024-09-16T21:07:52.862Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…