Login Sign Up

CVE-2018-9470

8.8 HIGH

📋 TL;DR

CVE-2018-9470 is an out-of-bounds write vulnerability in Android's Scanner.c that allows remote privilege escalation. Attackers can exploit this by tricking users into interacting with malicious content, potentially gaining elevated privileges on affected devices. This affects Android devices running vulnerable versions.

💻 Affected Systems

Products:
  • Android
Versions: Android 8.0 (Oreo) and 8.1 (Oreo)
Operating Systems: Android
Default Config Vulnerable: ⚠️ Yes
Notes: Affects devices running Android 8.x Oreo that haven't applied the September 2018 security patch. User interaction required for exploitation.

📦 What is this software?

Android by Google

View all CVEs affecting Android →

Android by Google

View all CVEs affecting Android →

Android by Google

View all CVEs affecting Android →

Android by Google

View all CVEs affecting Android →

Android by Google

View all CVEs affecting Android →

Android by Google

View all CVEs affecting Android →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote attacker gains full system control over Android device, potentially installing persistent malware, accessing sensitive data, or bricking the device.

🟠

Likely Case

Local privilege escalation allowing unprivileged apps to gain system-level permissions, potentially leading to data theft or further exploitation.

🟢

If Mitigated

Limited impact with proper app sandboxing and security updates applied; exploitation would be contained within app boundaries.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires user interaction (opening malicious content). Multiple proof-of-concepts exist in security research repositories.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Android Security Patch Level 2018-09-01 or later

Vendor Advisory: https://source.android.com/security/bulletin/2018-09-01

Restart Required: Yes

Instructions:

1. Check for system updates in Settings > System > Advanced > System update. 2. Install September 2018 or later Android security patch. 3. Reboot device after installation.

🔧 Temporary Workarounds

Disable vulnerable scanner components

android

Temporarily disable affected scanner functionality through developer options

adb shell pm disable com.android.scanner

🧯 If You Can't Patch

  • Restrict app installations to Google Play Store only
  • Implement mobile device management (MDM) with strict app whitelisting

🔍 How to Verify

Check if Vulnerable:

Check Android version and security patch level in Settings > About phone > Android version

Check Version:

adb shell getprop ro.build.version.security_patch

Verify Fix Applied:

Verify security patch level shows 'September 1, 2018' or later in Settings > About phone

📡 Detection & Monitoring

Log Indicators:

  • Unexpected process privilege escalation
  • Scanner service crashes
  • SELinux denials related to scanner processes

Network Indicators:

  • Unusual outbound connections from system processes
  • Suspicious app behavior patterns

SIEM Query:

process:scanner AND (privilege_escalation OR out_of_bounds_write)

📊 Metadata

CVE ID: CVE-2018-9470
CVSS v3 Score: 8.8 (HIGH)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE: CWE-787
Published: November 20, 2024
Last Updated: December 18, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2018-9470, you might also want to check these:

CVE-2022-43604 10.0

CVE-2022-43604 is a critical out-of-bounds write vulnerability in the OpENer EtherNet/IP stack that ...

Same vulnerability type (CWE-787)
CVE-2025-24201 10.0

This critical vulnerability allows malicious web content to break out of the Web Content sandbox via...

Same vulnerability type (CWE-787)
CVE-2020-14871 10.0

This is a critical buffer overflow vulnerability (CWE-787) in Oracle Solaris's Pluggable Authenticat...

Same vulnerability type (CWE-787)