Main Vulnerability Database Vulnerabilities #VU36406

Out-of-bounds write in Google Android - CVE-2018-9522

Published: November 14, 2018 / Updated: August 8, 2020

Vulnerability identifier: #VU36406

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2018-9522

CWE-ID: CWE-787

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: Google

Affected software:
Google Android

Detailed vulnerability description

The vulnerability allows a local authenticated user to execute arbitrary code.

In the serialization functions of StatsLogEventWrapper.java, there is a possible out-of-bounds write due to unnecessary functionality which may be abused. This could lead to local escalation of privilege in the system process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112550251

How to mitigate CVE-2018-9522

Install update from vendor's website.

Out-of-bounds write in Google Android - CVE-2018-9522

Detailed vulnerability description

How to mitigate CVE-2018-9522

Sources

Please verify you're human