
Multiple Google Android Vulnerabilities

Severity

Medium

Analysis Summary

CVE-2018-9487 CVSS:5.5

Google Android is vulnerable to a denial of service, caused by a bad uid check in setVpnForcedLocked of Vpn.java. By sending a specially crafted request, a local attacker could exploit this vulnerability to cause a denial of service.

CVE-2018-9486 CVSS:6.2

Google Android could allow a local attacker to obtain sensitive information, caused by an out-of-bounds read in hidh_l2cif_data_ind of hidh_conn.cc. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information.

CVE-2018-9485 CVSS:6.5

Google Android could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds read in l2cble_process_sig_cmd of l2c_ble.cc. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information.

Impact

  • Denial of Service
  • Information Disclosure

Indicators of Compromise

CVE

  • CVE-2018-9487
  • CVE-2018-9486
  • CVE-2018-9485

Affected Vendors

Google

Affected Products

  • Google Android

Remediation

Upgrade to the latest version of Android, available from the Google Website.
