How severe is CVE-2018-9377?

CVE-2018-9377 has a CVSS v3 score of 5.5 (MEDIUM).

CVE-2018-9377

Name: android
Author: google

5.5MEDIUM

In getIntentForIntentSender of ActivityManagerService.java, there is a possible way to access user metadata due to a pending intent. This could lead to local escalation of privilege with no additional

Veröffentlicht: 11/28/2024Aktualisiert: 4/3/2025

Beschreibung

In getIntentForIntentSender of ActivityManagerService.java, there is a possible way to access user metadata due to a pending intent. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

KI-AnalyseKI-gestützt

Betroffene Produkte

googleandroid

6.0

googleandroid

6.0.1

Referenzen

https://source.android.com/docs/security/bulletin/pixel/2018-06-01
Vendor Advisory