CVE Vulnerabilities

CVE-2018-9381

Use of Uninitialized Resource

Published: Dec 02, 2024 | Modified: Dec 18, 2024
CVSS 3.x
7.5
HIGH
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu

In gatts_process_read_by_type_req of gatt_sr.c, there is a possible information disclosure due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Weakness

The product uses or accesses a resource that has not been initialized.

Affected Software

Name Vendor Start Version End Version
Android Google 8.1 (including) 8.1 (including)

Potential Mitigations

References