CVE-2018-9511

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2018-9511
In ipSecSetEncapSocketOwner of XfrmController.cpp, there is a possible failure to initialize a security feature due to uninitialized data. This could lead to local denial of service of IPsec on sockets with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-9.0 Android ID: A-111650288

5.5 /10

CVSS v3 : MEDIUM

V3 Legend

Vector : AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

4.9 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:L/AC:L/Au:N/C:N/I:N/A:C

Exploitability : 3.9 / Impact : 6.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

References
Link Resource
http://www.securityfocus.com/bid/105482 Third Party Advisory VDB Entry
https://android.googlesource.com/platform/system/netd/+/931418b16c7197ca2df34c2a5609e49791125abe Patch Vendor Advisory
https://source.android.com/security/bulletin/2018-10-01 Patch Vendor Advisory
https://source.android.com/security/bulletin/2018-10-01%2C
Configurations

Configuration 1 (hide)

cpe:2.3:o:google:android:9.0:*:*:*:*:*:*:*
History

07 Nov 2023, 03:01

Type Values Removed Values Added
References
  • {'url': 'https://source.android.com/security/bulletin/2018-10-01,', 'name': 'https://source.android.com/security/bulletin/2018-10-01,', 'tags': ['Broken Link', 'Vendor Advisory'], 'refsource': 'CONFIRM'}
  • () https://source.android.com/security/bulletin/2018-10-01%2C -
Information

Published : 2018-10-02 19:29

Updated : 2023-12-10 12:44

NVD link : CVE-2018-9511

Mitre link : CVE-2018-9511

CVE.ORG link : CVE-2018-9511

JSON object : View

Products Affected

google

  • android
CWE
CWE-909

Missing Initialization of Resource