Address Space Layout Randomization Bypass in Android Products by Google
CVE-2018-9434

7.8HIGH

Key Information:

Vendor
Google
Status
Vendor
CVE Published:
17 January 2025

Summary

A vulnerability within the Parcel.cpp functions of Android could allow an attacker to bypass address space layout randomization (ASLR). This weakness may enable local escalation of privileges without the need for additional execution privileges or user interaction. This could potentially result in unauthorized access to sensitive system resources by manipulating the memory layout, posing a significant risk to the integrity of Android devices.

Affected Version(s)

Android Android Kernel

References

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

.