PT-2018-2703 · Google+5 · Android Kernel+5

Published

2017-10-13

·

Updated

2023-02-24

·

CVE-2018-9568

CVSS v3.1

7.8

High

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Android kernel
Description The issue is related to a possible memory corruption due to type confusion in the sk clone lock function of sock.c. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not required for exploitation. The vulnerability may also cause a denial of service or allow an attacker to execute arbitrary code.
Recommendations For Android kernel, update to a version that includes the fix for the type confusion issue in sk clone lock of sock.c. As a temporary workaround, consider restricting access to the sk clone lock function until a patch is available.

Fix

Incorrect Type Conversion or Cast

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-704

Related Identifiers

ALT-PU-2017-2424
ALT-PU-2017-2425
BDU:2019-01417
CESA-2019_0512
CESA-2019_2736
CVE-2018-9568
OPENSUSE-SU-2019:0065-1
OPENSUSE-SU-2019_0065-1
OPENSUSE-SU-2019_0140-1
RHSA-2019:0512
RHSA-2019:0514
RHSA-2019:2696
RHSA-2019:2730
RHSA-2019:2736
RHSA-2019:3967
RHSA-2019:4056
RHSA-2019:4159
RHSA-2019:4164
RHSA-2019:4255
RHSA-2019_0512
RHSA-2019_0514
RHSA-2019_2736
SUSE-SU-2018:4153-1
SUSE-SU-2018:4154-1
SUSE-SU-2018:4157-1
SUSE-SU-2018:4158-1
SUSE-SU-2018:4195-1
SUSE-SU-2018:4196-1
SUSE-SU-2018:4238-1
SUSE-SU-2018_4154-1
SUSE-SU-2018_4158-1
SUSE-SU-2018_4196-1
SUSE-SU-2019:0148-1
SUSE-SU-2019:0150-1
SUSE-SU-2019:0196-1
SUSE-SU-2019:0222-1
SUSE-SU-2019:0224-1
SUSE-SU-2019:0320-1
SUSE-SU-2019:0439-1
SUSE-SU-2019:0541-1
SUSE-SU-2019:1289-1
SUSE-SU-2019:13937-1
SUSE-SU-2019:13979-1
USN-3880-1
USN-3880-2

Affected Products

Alt Linux
Android Kernel
Centos
Red Hat
Suse
Ubuntu