Missing Bounds Check Leads to Local Information Disclosure with System Execution Privileges
CVE-2018-9408
4.4MEDIUM
What is CVE-2018-9408?
An Out Of Bounds Read vulnerability exists in the GPS component of the Android operating system, specifically within the functions m3326_gps_write and m3326_gps_read in gps.s. This issue arises from a missing bounds check, which could potentially allow an attacker to access sensitive information locally. Exploitation of this vulnerability does not require user interaction, enabling unauthorized access to data with system execution privileges. The security of affected devices could be compromised if this vulnerability is exploited.
Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
Affected Version(s)
Android Kernel
References
CVSS V3.1
Score:
4.4
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published