#VU21092 Type Confusion in Google Android - CVE-2018-9568

 


Published: September 12, 2019


Vulnerability identifier: #VU21092
Vulnerability risk: High
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2018-9568
CWE-ID: CWE-843
Exploitation vector: Local access
Exploit availability: No public exploit available
Vulnerable software: Google Android
Software vendor: Google

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a type confusion error in the sk_clone_lock() function in sock.c. A local user can run a specially crafted application to trigger memory corruption and execute arbitrary code on the target system with elevated privileges.


Remediation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.
