Login Sign Up

CVE-2018-9378

6.2 MEDIUM

📋 TL;DR

This vulnerability allows local attackers to read uninitialized memory from the Android audio policy service, potentially exposing sensitive information like audio configuration data or memory contents. It affects Android devices running vulnerable versions, requiring no user interaction or special privileges for exploitation.

💻 Affected Systems

Products:
  • Android
Versions: Android 8.0 (Oreo) and 8.1 (Oreo)
Operating Systems: Android
Default Config Vulnerable: ⚠️ Yes
Notes: Specifically affects Pixel devices and potentially other Android devices using similar audio policy service implementations.

📦 What is this software?

Android by Google

View all CVEs affecting Android →

Android by Google

View all CVEs affecting Android →

Android by Google

View all CVEs affecting Android →

Android by Google

View all CVEs affecting Android →

Android by Google

View all CVEs affecting Android →

Android by Google

View all CVEs affecting Android →

Android by Google

View all CVEs affecting Android →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Sensitive kernel or system memory contents could be disclosed, potentially revealing cryptographic keys, authentication tokens, or other protected data.

🟠

Likely Case

Limited information disclosure of audio service configuration data or adjacent memory contents with minimal practical impact.

🟢

If Mitigated

No impact if patched; unpatched systems have limited exposure due to local-only access requirement.

🌐 Internet-Facing: LOW - Requires local access to device, cannot be exploited remotely.
🏢 Internal Only: MEDIUM - Local attackers or malicious apps could exploit this without privileges.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires crafting specific IPC transactions to the audio policy service. No public exploit code is known.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Android Security Patch Level 2018-06-05 or later

Vendor Advisory: https://source.android.com/security/bulletin/pixel/2018-06-01

Restart Required: Yes

Instructions:

1. Check for system updates in Settings > System > Advanced > System update. 2. Install Android Security Patch Level 2018-06-05 or later. 3. Reboot device after installation.

🔧 Temporary Workarounds

Restrict local app permissions

android

Limit which apps have access to audio services and system permissions

🧯 If You Can't Patch

  • Isolate vulnerable devices from untrusted users and applications
  • Monitor for suspicious audio service access patterns or crashes

🔍 How to Verify

Check if Vulnerable:

Check Settings > About phone > Android security patch level. If date is before 2018-06-05, device is vulnerable.

Check Version:

adb shell getprop ro.build.version.security_patch

Verify Fix Applied:

Verify Android Security Patch Level shows 2018-06-05 or later in Settings > About phone.

📡 Detection & Monitoring

Log Indicators:

  • Unusual audio service crashes
  • Excessive BnAudioPolicyService transactions

Network Indicators:

  • None - local-only vulnerability

SIEM Query:

Look for process crashes of audioserver or unusual IPC calls to audio policy service

📊 Metadata

CVE ID: CVE-2018-9378
CVSS v3 Score: 6.2 (MEDIUM)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CWE: CWE-908
EPSS Score: 0.02% exploit probability (5.7th percentile)
Published: January 28, 2025
Last Updated: July 10, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2018-9378, you might also want to check these:

CVE-2021-26305 9.8

CVE-2021-26305 is a deserialization vulnerability in the cdr crate for Rust that allows a malicious ...

Same vulnerability type (CWE-908)
CVE-2020-36443 9.8

This vulnerability in libp2p-deflate crate for Rust allows reading uninitialized memory due to passi...

Same vulnerability type (CWE-908)
CVE-2020-36452 9.8

This vulnerability in the array-tools Rust crate allows attackers to cause memory corruption by expl...

Same vulnerability type (CWE-908)