Address Space Layout Randomization Bypass in Android Products by Google
CVE-2018-9434

7.8HIGH

Key Information:

Vendor: Google
Status: Android
Vendor: CVE Published:; 17 January 2025

Summary

A vulnerability within the Parcel.cpp functions of Android could allow an attacker to bypass address space layout randomization (ASLR). This weakness may enable local escalation of privileges without the need for additional execution privileges or user interaction. This could potentially result in unauthorized access to sensitive system resources by manipulating the memory layout, posing a significant risk to the integrity of Android devices.

Affected Version(s)

Android Android Kernel

References

https://source.android.com/security/bulletin/pixel/2018-0...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 17, 2025