CVE-2017-13238

MEDIUM

Android - Local Information Disclosure via XBLRamDump Debug Feature

Title source: llm
STIX 2.1

Description

In XBLRamDump mode, there is a debug feature that can be used to dump memory contents, if an attacker has physical access to the device. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-64610940.

References (2)

Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/103024
Vendor Advisory x_refsource_confirm
https://source.android.com/security/bulletin/2018-02-01

Scores

CVSS v3 4.2
EPSS 0.0016
EPSS Percentile 5.2%
Attack Vector PHYSICAL
CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-200
Status published
Products (1)
google/android
Published Feb 12, 2018
Tracked Since Feb 18, 2026