CVE-2018-9511

In ipSecSetEncapSocketOwner of XfrmController.cpp, there is a possible failure to initialize a security feature due to uninitialized data. This could lead to local denial of service of IPsec on sockets with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-9.0 Android ID: A-111650288

CVSS v3 5.5 MEDIUM
CVSS v2.0 4.9 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector : AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

4.9^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:L/AC:L/Au:N/C:N/I:N/A:C

Exploitability : 3.9 / Impact : 6.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

References

Link	Resource
http://www.securityfocus.com/bid/105482	Third Party Advisory VDB Entry
https://android.googlesource.com/platform/system/netd/+/931418b16c7197ca2df34c2a5609e49791125abe	Patch Vendor Advisory
https://source.android.com/security/bulletin/2018-10-01	Patch Vendor Advisory
https://source.android.com/security/bulletin/2018-10-01%2C

Configurations

Configuration 1 (hide)

cpe:2.3:o:google:android:9.0:*:*:*:*:*:*:*

History

07 Nov 2023, 03:01

Type	Values Removed	Values Added
References	{'url': 'https://source.android.com/security/bulletin/2018-10-01,', 'name': 'https://source.android.com/security/bulletin/2018-10-01,', 'tags': ['Broken Link', 'Vendor Advisory'], 'refsource': 'CONFIRM'}	() https://source.android.com/security/bulletin/2018-10-01%2C -

Information

Published : 2018-10-02 19:29

Updated : 2024-02-28 16:48

NVD link : CVE-2018-9511

Mitre link : CVE-2018-9511

CVE.ORG link : CVE-2018-9511

JSON object : View

Products Affected

google

android

CWE

CWE-909

Missing Initialization of Resource

5.5 /10

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

4.9 /10

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

JSON object

Attach tags to CVE-2018-9511

5.5^/10

4.9^/10

Attach tags to `CVE-2018-9511`