Possible Information Disclosure in BnCameraService::onTransact

CVE-2018-9420

5.5MEDIUM

Key Information

Vendor
Google
Status
Android
Vendor
CVE Published:
19 November 2024

Summary

In BnCameraService::onTransact of CameraService.cpp, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Affected Version(s)

Android = 6

Android = 6.0.1

Android = 7

Refferences

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD DatabaseMitre Database
.