How severe is CVE-2018-9377?

CVE-2018-9377 has a CVSS v3 score of 5.5 (MEDIUM).

CVE-2018-9377

Name: android
Author: google

5.5MEDIUM

In getIntentForIntentSender of ActivityManagerService.java, there is a possible way to access user metadata due to a pending intent. This could lead to local escalation of privilege with no additional

Опубликовано: 11/28/2024Обновлено: 4/3/2025

Описание

In getIntentForIntentSender of ActivityManagerService.java, there is a possible way to access user metadata due to a pending intent. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

ИИ-АнализНа базе ИИ

Затронутые продукты

googleandroid

6.0

googleandroid

6.0.1

Ссылки

https://source.android.com/docs/security/bulletin/pixel/2018-06-01
Vendor Advisory