CVE-2018-9523
https://notcve.org/view.php?id=CVE-2018-9523
In Parcel.writeMapInternal of Parcel.java, there is a possible parcel serialization/deserialization mismatch due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. • http://www.securityfocus.com/bid/105847 https://source.android.com/security/bulletin/2018-11-01 • CWE-20: Improper Input Validation •
CVE-2018-9539
https://notcve.org/view.php?id=CVE-2018-9539
In the ClearKey CAS descrambler, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9. • https://github.com/tamirzb/CVE-2018-9539 http://www.securityfocus.com/bid/105865 https://source.android.com/security/bulletin/2018-11-01 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVE-2018-9457
https://notcve.org/view.php?id=CVE-2018-9457
In onCheckedChanged of BluetoothPairingController.java, there is a possible way to retrieve contact information due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9. • http://www.securityfocus.com/bid/105845 https://source.android.com/security/bulletin/2018-11-01 https://source.android.com/security/bulletin/pixel/2018-08-01 • CWE-862: Missing Authorization •
CVE-2018-9527
https://notcve.org/view.php?id=CVE-2018-9527
In vorbis_book_decodev_set of codebook.c there is a possible out of bounds write due to missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. • http://www.securityfocus.com/bid/105865 https://source.android.com/security/bulletin/2018-11-01 • CWE-787: Out-of-bounds Write •
CVE-2018-9540
https://notcve.org/view.php?id=CVE-2018-9540
In avrc_ctrl_pars_vendor_rsp of avrc_pars_ct.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. • http://www.securityfocus.com/bid/105849 https://source.android.com/security/bulletin/2018-11-01 • CWE-125: Out-of-bounds Read •