CVE-2018-9422

Summary

CVE	CVE-2018-9422
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2018-11-06 17:29:00 UTC
Updated	2019-08-19 20:15:00 UTC
Description	In get_futex_key of futex.c, there is a use-after-free due to improper locking. This could lead to local escalation of privilege with no additional privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-74250718 References: Upstream kernel.

Risk And Classification

Problem Types: CWE-416

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Operating System	Debian	Debian Linux	8.0	All	All	All
Operating System	Debian	Debian Linux	9.0	All	All	All
Operating System	Debian	Debian Linux	8.0	All	All	All
Operating System	Debian	Debian Linux	9.0	All	All	All
Operating System	Google	Android	-	All	All	All
Operating System	Google	Android	-	All	All	All

References

Reference	Source	Link	Tags
Android Security Bulletin—July 2018 \| Android Open Source Project	CONFIRM	source.android.com	Patch, Vendor Advisory
[SECURITY] [DLA 1422-1] linux security update	MLIST	lists.debian.org	Third Party Advisory
[SECURITY] [DLA 1422-2] linux security update	MLIST	lists.debian.org	Third Party Advisory
Bug 1102001 – VUL-0: CVE-2018-9422: kernel: Elevation of Privilege in futex	MISC	bugzilla.suse.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

160123 Oracle Enterprise Linux Security Update for unbreakable enterprise kernel (ELSA-2022-9852)
390268 Oracle VM Server for x86 Security Update for kernel (OVMSA-2022-0026)