Published: 02/10/2018 Updated: 03/10/2019

CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9

CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8

VMScore: 725

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

In sdcardfs_create and sdcardfs_mkdir of inode.c, there is a possible memory corruption due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-111641492 References: N/A

Vulnerable Product	Search on Vulmon	Subscribe to Product
google android -

Tested on a Pixel 2 (walleye): [robuildab_update]: [true] [robuildcharacteristics]: [nosdcard] [robuilddate]: [Mon Jun 4 22:10:18 UTC 2018] [robuilddateutc]: [1528150218] [robuilddescription]: [walleye-user 810 OPM2171026006G1 4820017 release-keys] [robuilddisplayid]: [OPM2171026006G1] [robuildexpectbaseband]: [g8998-00202 ...

CWE-119 NVD-CWE-noinfo https://source.android.com/security/bulletin/2018-10-01 http://www.securityfocus.com/bid/105483 https://www.exploit-db.com/exploits/45558/https://nvd.nist.gov https://www.exploit-db.com/exploits/45558/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2018-9515

Vulnerability Summary

Vulnerability Trend

Exploits

References

Vulmon Search

About

Products

Connect