CVE-2017-13238
MEDIUMAndroid - Local Information Disclosure via XBLRamDump Debug Feature
Title source: llmDescription
In XBLRamDump mode, there is a debug feature that can be used to dump memory contents, if an attacker has physical access to the device. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-64610940.
References (2)
Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/103024
Vendor Advisory x_refsource_confirm
https://source.android.com/security/bulletin/2018-02-01
Scores
CVSS v3
4.2
EPSS
0.0016
EPSS Percentile
5.2%
Attack Vector
PHYSICAL
CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-200
Status
published
Products (1)
google/android
Published
Feb 12, 2018
Tracked Since
Feb 18, 2026