CVE-2018-9511 - OpenCVE

In ipSecSetEncapSocketOwner of XfrmController.cpp, there is a possible failure to initialize a security feature due to uninitialized data. This could lead to local denial of service of IPsec on sockets with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-9.0 Android ID: A-111650288

No CVSS v3.1

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

AV:L/AC:L/Au:N/C:N/I:N/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Google	Android

Configuration 1 [-]

cpe:2.3:o:google:android:9.0:*:*:*:*:*:*:*

References

Link	Resource
http://www.securityfocus.com/bid/105482	Third Party Advisory VDB Entry
https://android.googlesource.com/platform/system/netd/+/931418b16c7197ca2df34c2a5609e49791125abe	Patch Vendor Advisory
https://source.android.com/security/bulletin/2018-10-01	Patch Vendor Advisory
https://source.android.com/security/bulletin/2018-10-01%2C

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: google_android

Published: 2018-10-02T00:00:00

Updated: 2018-10-04T09:57:01

Reserved: 2018-04-05T00:00:00

Link: CVE-2018-9511

JSON object: View

NVD Information

Status : Modified

Published: 2018-10-02T19:29:13.353

Modified: 2023-11-07T03:01:38.123

Link: CVE-2018-9511

JSON object: View

Redhat Information

No data.

CWE

CWE-909

{"containers": {"cna": {"affected": [{"product": "Android", "vendor": "Google Inc.", "versions": [{"status": "affected", "version": "Android-9.0"}]}], "datePublic": "2018-10-02T00:00:00", "descriptions": [{"lang": "en", "value": "In ipSecSetEncapSocketOwner of XfrmController.cpp, there is a possible failure to initialize a security feature due to uninitialized data. This could lead to local denial of service of IPsec on sockets with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-9.0 Android ID: A-111650288"}], "problemTypes": [{"descriptions": [{"description": "Denial of service", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-04T09:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android"}, "references": [{"name": "105482", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/105482"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://source.android.com/security/bulletin/2018-10-01%2C"}, {"tags": ["x_refsource_MISC"], "url": "https://android.googlesource.com/platform/system/netd/+/931418b16c7197ca2df34c2a5609e49791125abe"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@android.com", "DATE_PUBLIC": "2018-10-02T00:00:00", "ID": "CVE-2018-9511", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Android", "version": {"version_data": [{"version_value": "Android-9.0"}]}}]}, "vendor_name": "Google Inc."}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In ipSecSetEncapSocketOwner of XfrmController.cpp, there is a possible failure to initialize a security feature due to uninitialized data. This could lead to local denial of service of IPsec on sockets with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-9.0 Android ID: A-111650288"}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Denial of service"}]}]}, "references": {"reference_data": [{"name": "105482", "refsource": "BID", "url": "http://www.securityfocus.com/bid/105482"}, {"name": "https://source.android.com/security/bulletin/2018-10-01,", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2018-10-01,"}, {"name": "https://android.googlesource.com/platform/system/netd/+/931418b16c7197ca2df34c2a5609e49791125abe", "refsource": "MISC", "url": "https://android.googlesource.com/platform/system/netd/+/931418b16c7197ca2df34c2a5609e49791125abe"}]}}}}, "cveMetadata": {"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2018-9511", "datePublished": "2018-10-02T00:00:00", "dateReserved": "2018-04-05T00:00:00", "dateUpdated": "2018-10-04T09:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:google:android:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "8DFAAD08-36DA-4C95-8200-C29FE5B6B854", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In ipSecSetEncapSocketOwner of XfrmController.cpp, there is a possible failure to initialize a security feature due to uninitialized data. This could lead to local denial of service of IPsec on sockets with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-9.0 Android ID: A-111650288"}, {"lang": "es", "value": "En ipSecSetEncapSocketOwner en XfrmController.cpp, hay un posible error a la hora de inicializar una caracter\u00edstica de seguridad debido a datos no inicializados. Esto podr\u00eda llevar a una denegaci\u00f3n de servicio local de IPsec en sockets sin necesitar privilegios de ejecuci\u00f3n adicionales. No se necesita interacci\u00f3n del usuario para explotarlo. Producto: Versiones de Android: Android-9.0. Android ID: A-111650288"}], "id": "CVE-2018-9511", "lastModified": "2023-11-07T03:01:38.123", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 4.9, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-10-02T19:29:13.353", "references": [{"source": "security@android.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/105482"}, {"source": "security@android.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://android.googlesource.com/platform/system/netd/+/931418b16c7197ca2df34c2a5609e49791125abe"}, {"source": "nvd@nist.gov", "tags": ["Patch", "Vendor Advisory"], "url": "https://source.android.com/security/bulletin/2018-10-01"}, {"source": "security@android.com", "url": "https://source.android.com/security/bulletin/2018-10-01%2C"}], "sourceIdentifier": "security@android.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-909"}], "source": "nvd@nist.gov", "type": "Primary"}]}