4.6
CVSSv2

CVE-2018-9585

Published: 11/02/2019 Updated: 12/02/2019
CVSS v2 Base Score: 4.6 | Impact Score: 6.4 | Exploitability Score: 3.9
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 443
Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

In nfc_ncif_proc_get_routing of nfc_ncif.cc in Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1 and Android-9, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Android ID: A-117554809.

Vulnerability Trend

Affected Products

Vendor Product Versions
GoogleAndroid7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9.0

Vendor Advisories

The Android Security Bulletin contains details of security vulnerabilities affecting Android devices Security patch levels of 2019-01-05 or later address all of these issues To learn how to check a device's security patch level, see Check and update your Android version Android partners are notified of all issues at least a month before public ...