In XBLRamDump mode, there is a debug feature that can be used to dump memory contents, if an attacker has physical access to the device. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-64610940.
References
Link | Resource |
---|---|
https://source.android.com/security/bulletin/2018-02-01 | Vendor Advisory |
http://www.securityfocus.com/bid/103024 | Third Party Advisory VDB Entry |
Configurations
Information
Published : 2018-02-12 11:29
Updated : 2018-03-13 07:44
NVD link : CVE-2017-13238
Mitre link : CVE-2017-13238
JSON object : View
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
Products Affected
- android