PT-2017-3953 · Google+4 · Android Kernel+4

Published

2017-09-03

Updated

2023-06-14

CVE-2018-9517

CVSS v2.0

7.2

High

Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Android kernel

Description The issue is related to a use after free in the pppol2tp connect function, which could lead to memory corruption. This might allow an attacker to escalate privileges locally with System execution privileges. No user interaction is required for exploitation.

Recommendations For Android kernel, consider applying a patch to fix the use after free issue in the pppol2tp connect function as a permanent solution. As a temporary workaround, restrict access to the pppol2tp connect function to minimize the risk of exploitation.

Exploit

Fix

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

BDU:2020-03256

CESA-2019_2029

CVE-2018-9517

OPENSUSE-SU-2021:3876-1

OPENSUSE-SU-2021_3876-1

RHSA-2019:2029

RHSA-2019:2043

RHSA-2019_2029

RHSA-2019_2043

SUSE-SU-2021:3192-1

SUSE-SU-2021:3206-1

SUSE-SU-2021:3217-1

SUSE-SU-2021:3876-1

SUSE-SU-2021:3969-1

SUSE-SU-2021:3972-1

SUSE-SU-2021_3192-1

SUSE-SU-2021_3206-1

SUSE-SU-2023:0420-1

SUSE-SU-2023:2506-1

SUSE-SU-2023_0420-1

USN-3932-1

USN-3932-2

Affected Products

Android Kernel

Centos

Red Hat

Suse

Ubuntu

PT-2017-3953 · Google+4 · Android Kernel+4

CVE-2018-9517

Weakness Enumeration

Related Identifiers

Affected Products

References · 567