VDB
CVE-2018-9508
CVE-2018-9508
PUBLISHED
CVSS 6.5 MEDIUM
In smp_process_keypress_notification of smp_act.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-111936834
EPSS 0.25% · 48.5th percentile
Risk Scores
CVSS 3.0
6.5
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Score
0.25%
48.5th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Google Inc. | Android | Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 |
| android | 7.0, 7.1.1, 7.1.2 |
Exploit Intelligence
Timeline
- Oct 2, 2018 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 28, 2022 EPSS Score
- May 2, 2022 EPSS Score
- Sep 5, 2022 EPSS Score
- Nov 6, 2022 EPSS Score
- Jan 8, 2023 EPSS Score
References
- https://source.android.com/security/bulletin/2018-10-01.html advisory
- 105482 vdb
- https://source.android.com/security/bulletin/2018-10-01%2C url
- https://android.googlesource.com/platform/system/bt/+/e8bbf5b0889790cf8616f4004867f0ff656f0551 url
- https://source.android.com/security/bulletin/2018-10-01 patch
- https://nvd.nist.gov/vuln/detail/CVE-2018-9508 advisory
- https://source.android.com/security/bulletin/2018-10-01, url