CVE-2018-9566
https://notcve.org/view.php?id=CVE-2018-9566
In process_service_search_rsp of sdp_discovery.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure when connecting to a malicious Bluetooth device with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. • http://www.securityfocus.com/bid/106147 https://source.android.com/security/bulletin/2018-12-01 • CWE-125: Out-of-bounds Read •
CVE-2018-9547
https://notcve.org/view.php?id=CVE-2018-9547
In unflatten of GraphicBuffer.cpp, there is a possible bad fd close due to improper input validation. This could lead to local escalation of privilege in the system server with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.1 Android-9. • http://www.securityfocus.com/bid/106067 https://source.android.com/security/bulletin/2018-12-01 • CWE-20: Improper Input Validation •
CVE-2018-9557
https://notcve.org/view.php?id=CVE-2018-9557
In really_install_package of install.cpp, there is a possible free of arbitrary memory due to uninitialized data. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2. • http://www.securityfocus.com/bid/106147 https://source.android.com/security/bulletin/2018-12-01 • CWE-763: Release of Invalid Pointer or Reference CWE-908: Use of Uninitialized Resource •
CVE-2018-9548
https://notcve.org/view.php?id=CVE-2018-9548
In multiple functions of ContentProvider.java, there is a possible permission bypass due to a missing URI validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. • http://www.securityfocus.com/bid/106067 https://source.android.com/security/bulletin/2018-12-01 • CWE-862: Missing Authorization •
CVE-2018-9552
https://notcve.org/view.php?id=CVE-2018-9552
In ihevcd_sao_shift_ctb of ihevcd_sao.c there is a possible out of bounds write due to missing bounds check. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. • http://www.securityfocus.com/bid/106137 https://source.android.com/security/bulletin/2018-12-01 • CWE-787: Out-of-bounds Write •