CVE-2018-9411

HIGH

Android - Out-of-bounds Write in ClearKeyCasPlugin.cpp

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-9411. PoCs published by tamirzb.

AI-analyzed exploit summary: This is a functional exploit for CVE-2018-9411 targeting MediaCasService on Android, leveraging a memory corruption vulnerability to achieve arbitrary code execution in the Trusted Execution Environment (TEE). The exploit uses a ROP chain to gain access to the QSEOS version, demonstrating control over the TEE.

Description

In decrypt of ClearKeyCasPlugin.cpp there is a possible out-of-bounds write due to a missing bounds check. This could lead to remote arbitrary code execution with no additional execution privileges needed. User interaction is needed for exploitation.

Exploits (1)

nomisec WORKING POC 52 stars
by tamirzb · poc
https://github.com/tamirzb/CVE-2018-9411

Classification: Working PoC 95%
Attack Type: LPE
Complexity: Complex
Reliability: Reliable
Target: Android MediaCasService (Pixel 2 with May 2018 security update)
No auth needed
Prerequisites: Physical or local access to a vulnerable Pixel 2 device · Android source code for building the exploit · Specific device fingerprint (google/walleye/walleye:8.1.0/OPM2.171019.029.B1/4720900:user/release-keys)
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v3 8.8
EPSS 0.0055
EPSS Percentile 41.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE CWE-787
Status published
Products (2)
google/android 8.0
google/android 8.1
Published Nov 19, 2024
Tracked Since Feb 18, 2026