CVE-2018-9476

State: PUBLISHED · Published: 2018-10-02 · Updated: 2024-09-17 · Assigner: google_android

Description

In avrc_pars_browsing_cmd of avrc_pars_tg.cc, there is a possible use-after-free due to improper locking. This could lead to remote escalation of privilege in the Bluetooth service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-8.0 Android-8.1 Android ID: A-109699112

CWE

(none)

Affected

Google Inc. / Android — v=Android-8.0 Android-8.1 [affected]

CVSS

(none)

References

http://www.securityfocus.com/bid/105482 vdb-entry, x_refsource_BID
https://source.android.com/security/bulletin/2018-10-01%2C x_refsource_CONFIRM
https://android.googlesource.com/platform/system/bt/+/dd28d8ddf2985d654781770c691c60b45d7f32b4 x_refsource_MISC

Source

cvelistV5-main/cves/2018/9xxx/CVE-2018-9476.json