Address Space Layout Randomization Bypass in Android Products by Google
CVE-2018-9434
7.8HIGH
Summary
A vulnerability within the Parcel.cpp functions of Android could allow an attacker to bypass address space layout randomization (ASLR). This weakness may enable local escalation of privileges without the need for additional execution privileges or user interaction. This could potentially result in unauthorized access to sensitive system resources by manipulating the memory layout, posing a significant risk to the integrity of Android devices.
Affected Version(s)
Android Android Kernel
References
CVSS V3.1
Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published