CVE-2018-9439

MEDIUM

Android - Use-After-Free in af_packet.c

Title source: llm
STIX 2.1

Description

In __unregister_prot_hook and packet_release of af_packet.c, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the kernel with System execution privileges needed. User interaction is not needed for exploitation.

References (1)

Core 1

Scores

CVSS v3 6.7
EPSS 0.0008
EPSS Percentile 0.3%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-416
Status published
Products (1)
google/android
Published Dec 05, 2024
Tracked Since Feb 18, 2026