From 36e7bbdfd76d30c42a6ba0b2d0c782b4aecf5341 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Fri, 7 Dec 2018 17:10:38 -0500 Subject: [PATCH] - Added submission from Android from 2018-12-07. --- 2018/9xxx/CVE-2018-9517.json | 48 +++++++++++++++++++++++++++++++++--- 2018/9xxx/CVE-2018-9518.json | 48 +++++++++++++++++++++++++++++++++--- 2018/9xxx/CVE-2018-9519.json | 48 +++++++++++++++++++++++++++++++++--- 2018/9xxx/CVE-2018-9569.json | 48 +++++++++++++++++++++++++++++++++--- 2018/9xxx/CVE-2018-9570.json | 48 +++++++++++++++++++++++++++++++++--- 2018/9xxx/CVE-2018-9571.json | 48 +++++++++++++++++++++++++++++++++--- 2018/9xxx/CVE-2018-9572.json | 48 +++++++++++++++++++++++++++++++++--- 2018/9xxx/CVE-2018-9573.json | 48 +++++++++++++++++++++++++++++++++--- 2018/9xxx/CVE-2018-9574.json | 48 +++++++++++++++++++++++++++++++++--- 2018/9xxx/CVE-2018-9575.json | 48 +++++++++++++++++++++++++++++++++--- 2018/9xxx/CVE-2018-9576.json | 48 +++++++++++++++++++++++++++++++++--- 2018/9xxx/CVE-2018-9577.json | 48 +++++++++++++++++++++++++++++++++--- 2018/9xxx/CVE-2018-9578.json | 48 +++++++++++++++++++++++++++++++++--- 13 files changed, 585 insertions(+), 39 deletions(-) diff --git a/2018/9xxx/CVE-2018-9517.json b/2018/9xxx/CVE-2018-9517.json index 2ed29717e05..d3e9c75d0c6 100644 --- a/2018/9xxx/CVE-2018-9517.json +++ b/2018/9xxx/CVE-2018-9517.json @@ -1,8 +1,31 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "security@google.com", "ID" : "CVE-2018-9517", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Android", + "version" : { + "version_data" : [ + { + "version_value" : "Android Kernel" + } + ] + } + } + ] + }, + "vendor_name" : "Google Inc." + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,26 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "In pppol2tp_connect, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-38159931." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Elevation of privilege" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://source.android.com/security/bulletin/pixel/2018-09-01" } ] } diff --git a/2018/9xxx/CVE-2018-9518.json b/2018/9xxx/CVE-2018-9518.json index 36f947b2057..56c3f31be2c 100644 --- a/2018/9xxx/CVE-2018-9518.json +++ b/2018/9xxx/CVE-2018-9518.json @@ -1,8 +1,31 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "security@google.com", "ID" : "CVE-2018-9518", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Android", + "version" : { + "version_data" : [ + { + "version_value" : "Android Kernel" + } + ] + } + } + ] + }, + "vendor_name" : "Google Inc." + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,26 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "In nfc_llcp_build_sdreq_tlv of llcp_commands.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-73083945." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Elevation of privilege" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://source.android.com/security/bulletin/pixel/2018-09-01" } ] } diff --git a/2018/9xxx/CVE-2018-9519.json b/2018/9xxx/CVE-2018-9519.json index 3b5df938b6b..a3ef84508f7 100644 --- a/2018/9xxx/CVE-2018-9519.json +++ b/2018/9xxx/CVE-2018-9519.json @@ -1,8 +1,31 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "security@google.com", "ID" : "CVE-2018-9519", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Android", + "version" : { + "version_data" : [ + { + "version_value" : "Android Kernel" + } + ] + } + } + ] + }, + "vendor_name" : "Google Inc." + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,26 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "In easelcomm_hw_build_scatterlist, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege with System privileges required. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-69808833." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Elevation of privilege" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://source.android.com/security/bulletin/pixel/2018-09-01" } ] } diff --git a/2018/9xxx/CVE-2018-9569.json b/2018/9xxx/CVE-2018-9569.json index 65ba672ae57..75ac6ba233f 100644 --- a/2018/9xxx/CVE-2018-9569.json +++ b/2018/9xxx/CVE-2018-9569.json @@ -1,8 +1,31 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "security@google.com", "ID" : "CVE-2018-9569", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Android", + "version" : { + "version_data" : [ + { + "version_value" : "Android-9" + } + ] + } + } + ] + }, + "vendor_name" : "Google Inc." + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,26 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "In impd_init_drc_decode_post_config of impd_drc_gain_decoder.c there is a possible out-of-bound write due to incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-113885537." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Remote code execution" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://source.android.com/security/bulletin/2018-11-01" } ] } diff --git a/2018/9xxx/CVE-2018-9570.json b/2018/9xxx/CVE-2018-9570.json index 533e059c84f..1a0909d7a1b 100644 --- a/2018/9xxx/CVE-2018-9570.json +++ b/2018/9xxx/CVE-2018-9570.json @@ -1,8 +1,31 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "security@google.com", "ID" : "CVE-2018-9570", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Android", + "version" : { + "version_data" : [ + { + "version_value" : "Android-9" + } + ] + } + } + ] + }, + "vendor_name" : "Google Inc." + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,26 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "In impd_parse_drc_ext_v1 of impd_drc_dynamic_payload.c there is a possible out-of-bound write due to missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-115375616." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Remote code execution" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://source.android.com/security/bulletin/2018-11-01" } ] } diff --git a/2018/9xxx/CVE-2018-9571.json b/2018/9xxx/CVE-2018-9571.json index 7d990250881..5f68425546a 100644 --- a/2018/9xxx/CVE-2018-9571.json +++ b/2018/9xxx/CVE-2018-9571.json @@ -1,8 +1,31 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "security@google.com", "ID" : "CVE-2018-9571", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Android", + "version" : { + "version_data" : [ + { + "version_value" : "Android-9" + } + ] + } + } + ] + }, + "vendor_name" : "Google Inc." + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,26 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "In impd_parse_loud_eq_instructions of impd_drc_dynamic_payload.c there is a possible out-of-bound write due to missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-116020594." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Remote code execution" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://source.android.com/security/bulletin/2018-11-01" } ] } diff --git a/2018/9xxx/CVE-2018-9572.json b/2018/9xxx/CVE-2018-9572.json index 4c13223b134..19f7e7b3079 100644 --- a/2018/9xxx/CVE-2018-9572.json +++ b/2018/9xxx/CVE-2018-9572.json @@ -1,8 +1,31 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "security@google.com", "ID" : "CVE-2018-9572", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Android", + "version" : { + "version_data" : [ + { + "version_value" : "Android-9" + } + ] + } + } + ] + }, + "vendor_name" : "Google Inc." + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,26 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "In impd_drc_parse_coeff of impd_drc_static_payload.c there is a possible out of bounds write due to missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-116224432." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Remote code execution" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://source.android.com/security/bulletin/2018-11-01" } ] } diff --git a/2018/9xxx/CVE-2018-9573.json b/2018/9xxx/CVE-2018-9573.json index dc79237b727..3859c36d7b3 100644 --- a/2018/9xxx/CVE-2018-9573.json +++ b/2018/9xxx/CVE-2018-9573.json @@ -1,8 +1,31 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "security@google.com", "ID" : "CVE-2018-9573", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Android", + "version" : { + "version_data" : [ + { + "version_value" : "Android-9" + } + ] + } + } + ] + }, + "vendor_name" : "Google Inc." + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,26 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "In impd_parse_filt_block of impd_drc_dynamic_payload.c there is a possible out of bounds write due to missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-116467350." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Remote code execution" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://source.android.com/security/bulletin/2018-11-01" } ] } diff --git a/2018/9xxx/CVE-2018-9574.json b/2018/9xxx/CVE-2018-9574.json index be57c911efb..8daccdf22f5 100644 --- a/2018/9xxx/CVE-2018-9574.json +++ b/2018/9xxx/CVE-2018-9574.json @@ -1,8 +1,31 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "security@google.com", "ID" : "CVE-2018-9574", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Android", + "version" : { + "version_data" : [ + { + "version_value" : "Android-9" + } + ] + } + } + ] + }, + "vendor_name" : "Google Inc." + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,26 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "In impd_parse_split_drc_characteristic of impd_drc_static_payload.c there is a possible out of bounds write due to missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-116619337." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Remote code execution" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://source.android.com/security/bulletin/2018-11-01" } ] } diff --git a/2018/9xxx/CVE-2018-9575.json b/2018/9xxx/CVE-2018-9575.json index f58fc3eda26..cc49f933450 100644 --- a/2018/9xxx/CVE-2018-9575.json +++ b/2018/9xxx/CVE-2018-9575.json @@ -1,8 +1,31 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "security@google.com", "ID" : "CVE-2018-9575", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Android", + "version" : { + "version_data" : [ + { + "version_value" : "Android-9" + } + ] + } + } + ] + }, + "vendor_name" : "Google Inc." + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,26 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "In impd_parse_dwnmix_instructions of impd_drc_static_payload.c there is a possible out of bounds write due to missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-116619387." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Remote code execution" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://source.android.com/security/bulletin/2018-11-01" } ] } diff --git a/2018/9xxx/CVE-2018-9576.json b/2018/9xxx/CVE-2018-9576.json index 4f50814481c..a3e74cae51c 100644 --- a/2018/9xxx/CVE-2018-9576.json +++ b/2018/9xxx/CVE-2018-9576.json @@ -1,8 +1,31 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "security@google.com", "ID" : "CVE-2018-9576", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Android", + "version" : { + "version_data" : [ + { + "version_value" : "Android-9" + } + ] + } + } + ] + }, + "vendor_name" : "Google Inc." + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,26 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "In impd_parse_parametric_drc_instructions of impd_drc_static_payload.c there is a possible out of bounds write due to missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-116715245." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Remote code execution" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://source.android.com/security/bulletin/2018-11-01" } ] } diff --git a/2018/9xxx/CVE-2018-9577.json b/2018/9xxx/CVE-2018-9577.json index b8263bb8d26..5314fecaab9 100644 --- a/2018/9xxx/CVE-2018-9577.json +++ b/2018/9xxx/CVE-2018-9577.json @@ -1,8 +1,31 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "security@google.com", "ID" : "CVE-2018-9577", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Android", + "version" : { + "version_data" : [ + { + "version_value" : "Android-9" + } + ] + } + } + ] + }, + "vendor_name" : "Google Inc." + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,26 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "In impd_parametric_drc_parse_gain_set_params of impd_drc_static_payload.c there is a possible out of bounds write due to missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-116715937." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Remote code execution" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://source.android.com/security/bulletin/2018-11-01" } ] } diff --git a/2018/9xxx/CVE-2018-9578.json b/2018/9xxx/CVE-2018-9578.json index 91302307f06..32b68404577 100644 --- a/2018/9xxx/CVE-2018-9578.json +++ b/2018/9xxx/CVE-2018-9578.json @@ -1,8 +1,31 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "security@google.com", "ID" : "CVE-2018-9578", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Android", + "version" : { + "version_data" : [ + { + "version_value" : "Android-9" + } + ] + } + } + ] + }, + "vendor_name" : "Google Inc." + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,26 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "In ixheaacd_adts_crc_start_reg of ixheaacd_adts_crc_check.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-113261928." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Elevation of privilege" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://source.android.com/security/bulletin/2018-11-01" } ] }