PT-2017-3953 · Google+4 · Android Kernel+4

Publicado

2017-09-03

Atualizado

2023-06-14

CVE-2018-9517

CVSS v2.0

7.2

Alta

Vetor

AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Android kernel

Description The issue is related to a use after free in the pppol2tp connect function, which could lead to memory corruption. This might allow an attacker to escalate privileges locally with System execution privileges. No user interaction is required for exploitation.

Recommendations For Android kernel, consider applying a patch to fix the use after free issue in the pppol2tp connect function as a permanent solution. As a temporary workaround, restrict access to the pppol2tp connect function to minimize the risk of exploitation.

Exploit

Correção

Use After Free

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-416

Identificadores relacionados

BDU:2020-03256

CESA-2019_2029

CVE-2018-9517

OPENSUSE-SU-2021:3876-1

OPENSUSE-SU-2021_3876-1

RHSA-2019:2029

RHSA-2019:2043

RHSA-2019_2029

RHSA-2019_2043

SUSE-SU-2021:3192-1

SUSE-SU-2021:3206-1

SUSE-SU-2021:3217-1

SUSE-SU-2021:3876-1

SUSE-SU-2021:3969-1

SUSE-SU-2021:3972-1

SUSE-SU-2021_3192-1

SUSE-SU-2021_3206-1

SUSE-SU-2023:0420-1

SUSE-SU-2023:2506-1

SUSE-SU-2023_0420-1

USN-3932-1

USN-3932-2

Produtos afetados

Android Kernel

Centos

Red Hat

Suse

Ubuntu

PT-2017-3953 · Google+4 · Android Kernel+4

CVE-2018-9517

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 567