Vulnerabilities > CVE-2018-9488 - Incorrect Authorization vulnerability in Google Android 8.0/8.1/9.0

CVSS 7.8 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

google

CWE-863

exploit available

NVD

Published: 2018-11-06

Updated: 2020-08-24

Summary

In the SELinux permissions of crash_dump.te, there is a permissions bypass due to a missing restriction. This could lead to a local escalation of privilege, with System privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-8.0 Android-8.1 Android-9.0 Android ID: A-110107376.

Vulnerable Configurations

Part	Description	Count
OS	Google Google Android 8.0 Google Android 8.1 Google Android 9.0	3

Common Weakness Enumeration (CWE)

CWE-863 - Incorrect Authorization

Exploit-Db

description	Android - 'zygote->init;' Chain from USB Privilege Escalation. CVE-2018-9488. Local exploit for Android platform. Tags: Local
file	exploits/android/local/45379.txt
id	EDB-ID:45379
last seen	2018-10-07
modified	2018-09-11
platform	android
port
published	2018-09-11
reporter	Exploit-DB
source	https://www.exploit-db.com/download/45379/
title	Android - 'zygote->init;' Chain from USB Privilege Escalation
type	local

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Exploit-Db

References