Vulnerability Description
In CollectValuesOrEntriesImpl of elements.cc, there is possible remote code execution due to type confusion. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-111274046
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Android | 7.0 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/105484Third Party AdvisoryVDB Entry
- https://android.googlesource.com/platform/external/chromium-libpac/+/948d4753664
- https://android.googlesource.com/platform/external/v8/+/a24543157ae2cdd25da43e20PatchThird Party Advisory
- https://source.android.com/security/bulletin/2018-10-01%2C
- http://www.securityfocus.com/bid/105484Third Party AdvisoryVDB Entry
- https://android.googlesource.com/platform/external/chromium-libpac/+/948d4753664
- https://android.googlesource.com/platform/external/v8/+/a24543157ae2cdd25da43e20PatchThird Party Advisory
- https://source.android.com/security/bulletin/2018-10-01%2C
FAQ
What is CVE-2018-9490?
CVE-2018-9490 is a vulnerability with a CVSS score of 7.8 (HIGH). In CollectValuesOrEntriesImpl of elements.cc, there is possible remote code execution due to type confusion. This could lead to remote escalation of privilege with no additional execution privileges n...
How severe is CVE-2018-9490?
CVE-2018-9490 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-9490?
Check the references section above for vendor advisories and patch information. Affected products include: Google Android.