CVE-2018-9485

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Nov 20, 2024

Updated: Nov 21, 2024

CWE ID 125

Summary

CVE-2018-9485 is a vulnerability affecting the l2c_ble.cc file in certain Bluetooth implementations. Specifically, within the function l2cble_process_sig_cmd, a missing bounds check creates the opportunity for an out-of-bounds read. An attacker can exploit this issue to disclose sensitive information over Bluetooth without requiring user interaction or additional execution privileges.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Android

Affected Vendors

Google

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/WIQaE3
https://www.cve.org/CVERecord?id=CVE-2018-9485
https://nvd.nist.gov/vuln/detail/CVE-2018-9485

Back to Vulnerability Database