6 matches found
CVE-2018-9445
In readMetadata of Utils.cpp, there is a possible path traversal bug due to a confused deputy. This could lead to local escalation of privilege when mounting a USB device with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions:...
CVE-2018-9445
CVE-2018-9445 describes a path traversal/privilege escalation chain in Android. The root issue: readMetadata in Utils.cpp can be fed a crafted label via blkid output that Vold uses to build a mount path, allowing a USB mass storage device to influence the path used for mounting (UUID/TYPE) and en...
Android (zygote->init;) Chain from USB Privilege Escalation Exploit
Exploit for Android platform in category local exploits After reporting https://bugs.chromium.org/p/project-zero/issues/detail?id=1583 Android ID 80436257, CVE-2018-9445, I discovered that this issue could also be used to inject code into the context of the zygote. Additionally, I discovered a...
Android - zygote-init; Chain from USB Privilege Escalation
Android - zygote-init; Chain from USB Privilege Escalation After reporting https://bugs.chromium.org/p/project-zero/issues/detail?id=1583 Android ID 80436257, CVE-2018-9445, I discovered that this issue could also be used to inject code into the context of the zygote. Additionally, I discovered a...
Android - 'zygote->init;' Chain from USB Privilege Escalation
After reporting https://bugs.chromium.org/p/project-zero/issues/detail?id=1583 Android ID 80436257, CVE-2018-9445, I discovered that this issue could also be used to inject code into the context of the zygote. Additionally, I discovered a privilege escalation path from zygote to init; that...
CVE-2018-9445
creationtimestamp| type| source ---|---|--- 2018-08-13 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/45192...