Vulnerability Description
In sdp_copy_raw_data of sdp_discovery.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution over bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-110216176
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Android | 7.0 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/105482Third Party AdvisoryVDB Entry
- https://android.googlesource.com/platform/system/bt/+/11fb7aa03437eccac98d90ca2dPatchVendor Advisory
- https://source.android.com/security/bulletin/2018-10-01%2C
- https://source.android.com/security/bulletin/2018-10-01PatchVendor Advisory
- http://www.securityfocus.com/bid/105482Third Party AdvisoryVDB Entry
- https://android.googlesource.com/platform/system/bt/+/11fb7aa03437eccac98d90ca2dPatchVendor Advisory
- https://source.android.com/security/bulletin/2018-10-01%2C
FAQ
What is CVE-2018-9504?
CVE-2018-9504 is a vulnerability with a CVSS score of 8.8 (HIGH). In sdp_copy_raw_data of sdp_discovery.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution over bluetooth with no additional execution...
How severe is CVE-2018-9504?
CVE-2018-9504 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-9504?
Check the references section above for vendor advisories and patch information. Affected products include: Google Android.