CVE-2017-13315

HIGH EXPLOITED

Android - Privilege Escalation

Title source: llm

Description

In writeToParcel and createFromParcel of DcParamObject.java, there is a permission bypass due to a write size mismatch. This could lead to an elevation of privileges where the user can start an activity with system privileges, with no additional execution privileges needed. User interaction is not needed for exploitation.

References (1)

[Patch, Vendor Advisory] https://source.android.com/security/bulletin/2018-05-01

Scores

CVSS v3 7.8

EPSS 0.0002

EPSS Percentile 3.4%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitation Intel

VulnCheck KEV 2019-04-12

Classification

CWE

CWE-131

Status published

Affected Products (7)

google/android

Timeline

Published Nov 19, 2024

Tracked Since Feb 18, 2026