CVE-2018-9339

HIGH

Google Android - Type Confusion

Title source: rule

Description

In writeTypedArrayList and readTypedArrayList of Parcel.java, there is a possible escalation of privilege due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

References (1)

[Patch, Vendor Advisory] https://source.android.com/security/bulletin/2018-06-01

Scores

CVSS v3 7.8

EPSS 0.0003

EPSS Percentile 10.1%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-704 CWE-843

Status published

Products (2)

google/android 8.0

google/android 8.1

Published Nov 19, 2024

Tracked Since Feb 18, 2026