Advisory Details

August 2nd, 2018

(Pwn2Own) Google Android UserCallActivity Null Pointer Dereference Denial of Service Vulnerability

ZDI-18-880
ZDI-CAN-5360

CVE ID
CVSS SCORE 4.9, AV:L/AC:L/Au:N/C:N/I:N/A:C
AFFECTED VENDORS Google
AFFECTED PRODUCTS Android
VULNERABILITY DETAILS


This vulnerability allows local attackers to force a reboot on vulnerable installations of Google Android. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

The specific flaw exists within the handling of UserCallActivity. The issue lies in the failure to properly handle a NULL pointer dereference. An attacker can leverage this vulnerability to force the device to reboot.

ADDITIONAL DETAILS


Patched with 2018 JAN SMR


DISCLOSURE TIMELINE
  • 2017-11-01 - Vulnerability reported to vendor
  • 2018-08-02 - Coordinated public release of advisory
  • 2018-08-02 - Advisory Updated
CREDIT MWR Labs - Alex Plaskett, James Loureiro, Robert Miller and Georgi Geshev