Login Sign Up

CVE-2018-9447

5.5 MEDIUM
Denial of Service

📋 TL;DR

This vulnerability allows local attackers to crash emergency callback mode on Android devices due to a missing null check in the EmergencyCallbackModeExitDialog component. It affects Android devices running vulnerable versions, requiring no user interaction or special privileges for exploitation.

💻 Affected Systems

Products:
  • Android
Versions: Android 8.0 (Oreo) and 8.1 (Oreo)
Operating Systems: Android
Default Config Vulnerable: ⚠️ Yes
Notes: Specifically affects the EmergencyCallbackModeExitDialog component in the Telephony service.

📦 What is this software?

Android by Google

View all CVEs affecting Android →

Android by Google

View all CVEs affecting Android →

Android by Google

View all CVEs affecting Android →

Android by Google

View all CVEs affecting Android →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Emergency callback mode becomes unavailable, potentially preventing emergency calls in critical situations where this mode is active.

🟠

Likely Case

Temporary denial of service affecting emergency callback functionality until device restart or mode reset.

🟢

If Mitigated

No impact if patched or if emergency callback mode is not actively used.

🌐 Internet-Facing: LOW - This is a local vulnerability requiring physical or local access to the device.
🏢 Internal Only: MEDIUM - Could be exploited by malicious apps or users with physical access to affect emergency services functionality.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires local access but no authentication or user interaction. The vulnerability is in a system component accessible to local apps.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Android Security Patch Level 2018-08-01 or later

Vendor Advisory: https://source.android.com/security/bulletin/pixel/2018-08-01

Restart Required: Yes

Instructions:

1. Check for system updates in Settings > System > Advanced > System update. 2. Install the August 2018 Android security patch. 3. Reboot device after installation.

🔧 Temporary Workarounds

Disable emergency callback mode if not needed

android

Emergency callback mode is a specialized feature; disabling it if not required eliminates the attack surface.

🧯 If You Can't Patch

  • Restrict installation of untrusted applications to reduce local attack vectors.
  • Monitor for abnormal crashes in telephony/emergency services components.

🔍 How to Verify

Check if Vulnerable:

Check Android version and security patch level in Settings > About phone > Android version. If security patch level is before 2018-08-01 and Android version is 8.0 or 8.1, device is vulnerable.

Check Version:

adb shell getprop ro.build.version.security_patch

Verify Fix Applied:

Confirm security patch level is 2018-08-01 or later in Settings > About phone > Android version.

📡 Detection & Monitoring

Log Indicators:

  • Unexpected crashes or null pointer exceptions in EmergencyCallbackModeExitDialog or telephony service logs

SIEM Query:

Search for error logs containing 'EmergencyCallbackModeExitDialog' or 'NullPointerException' in telephony-related processes.

📊 Metadata

CVE ID: CVE-2018-9447
CVSS v3 Score: 5.5 (MEDIUM)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE: CWE-400
EPSS Score: 0.02% exploit probability (4.6th percentile)
Published: January 17, 2025
Last Updated: July 10, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2018-9447, you might also want to check these:

CVE-2024-45166 9.8

UCI IDOL2 through version 2.12 contains multiple memory corruption vulnerabilities due to improper i...

Same vulnerability type (CWE-400)
CVE-2025-61303 9.8

This vulnerability in Hatching Triage Sandbox allows malware samples to evade detection by recursive...

Same vulnerability type (CWE-400)
CVE-2024-39462 9.8

This is a Linux kernel memory corruption vulnerability in the BCM2711 DVP clock driver where array b...

Same vulnerability type (CWE-400)