CVE-2018-9428

HIGH EPSS 0.3%

Published Nov 19, 20241y ago · Modified Jun 17, 20261w ago

7.8 CVSS 3.1

High

Published Nov 19, 2024 1y ago

Last Modified Jun 17, 2026 1w ago

Description

In startDevice of AAudioServiceStreamBase.cpp there is a possible out of bounds write due to a use after free. This could lead to local arbitrary code execution with no additional execution privileges needed. User interaction is needed for exploitation. https://source.android.com/security/bulletin/2018-07-01

CVSS Details

Base Score

7.8

Exploitability

1.8

Impact

5.9

Vector string

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector Local

Attack Complexity Low

Privileges Required None

User Interaction Required

Scope Unchanged

Confidentiality High

Integrity High

Availability High

Threat Intelligence

EPSS Exploit Probability

0.3% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

Weaknesses 2

CWE-416 Use After Free Memory Safety

CWE-787 Out-of-bounds Write Memory Safety

Affected Products 1

Vendor	Product	Version	Range
google	android	8.1	any

References 1

source.android.com https://source.android.com/security/bulletin/2018-07-01

Vendor Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.