CVE-2018-9524
Summary
| CVE | CVE-2018-9524 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2018-11-14 18:29:00 UTC |
| Updated | 2019-10-03 00:03:00 UTC |
| Description | In functionality implemented in System UI, there are insufficient protections implemented around overlay windows. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1. Android ID: A-34170870 |
Risk And Classification
Problem Types: CWE-1021
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Android | 7.0 | All | All | All | |
| Operating System | Android | 7.1.1 | All | All | All | |
| Operating System | Android | 7.1.2 | All | All | All | |
| Operating System | Android | 8.0 | All | All | All | |
| Operating System | Android | 8.1 | All | All | All | |
| Operating System | Android | 7.0 | All | All | All | |
| Operating System | Android | 7.1.1 | All | All | All | |
| Operating System | Android | 7.1.2 | All | All | All | |
| Operating System | Android | 8.0 | All | All | All | |
| Operating System | Android | 8.1 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Android Security Bulletin—November 2018 | Android Open Source Project | CONFIRM | source.android.com | Patch, Vendor Advisory |
| Google Android Framework Component Multiple Privilege Escalation Vulnerabilities | BID | www.securityfocus.com | Third Party Advisory, VDB Entry |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.