Analysis Summary

CVE-2018-9387 CVSS:7.8

Google Android could allow a local authenticated attacker to gain elevated privileges on the system, caused by an integer overflow in multiple functions of mnh-sm.c.

CVE-2018-9461 CVSS:7

Google Android could allow a local authenticated attacker to gain elevated privileges on the system, caused by a race condition in onAttachFragment of ShareIntentActivity.java.

Impact

• Privilege Escalation

Indicators of Compromise

CVE

• CVE-2018-9387

• CVE-2018-9461

Affected Vendors

Remediation

Upgrade to the latest version of Android, available from the Google Website.

Google Website