CVE-2018-9344

HIGH

Google Android - Improper Locking

Title source: rule

Description

In several functions of DescramblerImpl.cpp, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Exploits (1)

github WORKING POC 8 stars

by codecat007 · cpoc

https://github.com/codecat007/cvehub/tree/main/android/securityPatch/CVE-2018-9344

View Code ZIP pw:eip

References (1)

[Patch, Vendor Advisory] https://source.android.com/security/bulletin/2018-06-01

Scores

CVSS v3 7.8

EPSS 0.0004

EPSS Percentile 11.3%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-667 CWE-416

Status published

Products (1)

google/android 8.1

Published Nov 19, 2024

Tracked Since Feb 18, 2026