CVE-2018-9517

HIGH

Description

In pppol2tp_connect, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-38159931.

References

https://source.android.com/security/bulletin/pixel/2018-09-01

https://usn.ubuntu.com/3932-1/

https://usn.ubuntu.com/3932-2/

Details

Source: MITRE

Published: 2018-12-07

Updated: 2019-04-03

Type: CWE-416

Risk Information

CVSS v2.0

Base Score: 7.2

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 3.9

Severity: HIGH

CVSS v3.0

Base Score: 6.7

Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 0.8

Severity: MEDIUM

Tenable Plugins

View all (2 total)

ID	Name	Product	Family	Severity
123681	Ubuntu 14.04 LTS : linux-lts-xenial, linux-aws vulnerabilities (USN-3932-2)	Nessus	Ubuntu Local Security Checks	high
123680	Ubuntu 16.04 LTS : linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities (USN-3932-1)	Nessus	Ubuntu Local Security Checks	high