Possible Out of Bounds Read and Code Execution Vulnerability in smp_l2c.cc
CVE-2018-9365

8.8HIGH

Key Information:

Vendor: Google
Status: Andrioid
Vendor: CVE Published:; 19 November 2024

Summary

The vulnerability in question originates from the smp_data_received function within the smp_l2c.cc file, where a missing bounds check can lead to an out of bounds read. This flaw opens a pathway for remote code execution, enabling unauthorized commands to be executed without requiring additional execution privileges from the user. Exploitation of this vulnerability necessitates some form of user interaction, potentially compromising device security.

Affected Version(s)

Andrioid 6

Andrioid 6.0.1

Andrioid 7

References

https://source.android.com/security/bulletin/2018-07-01

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Nov 19, 2024
Vulnerability Reserved
Apr 5, 2018