CVE-2018-9432: 
NixOS vulnerability analysis and mitigation

CVE-2018-9432 is a high severity elevation of privilege vulnerability affecting Android operating systems. The vulnerability exists in the createPhonebookDialogView and createMapDialogView functions of BluetoothPermissionActivity.java. It was discovered and disclosed in July 2018, affecting Android versions 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, and 8.1 (Android Bulletin).

The vulnerability allows for a possible permissions bypass in the BluetoothPermissionActivity.java component. The issue could lead to local escalation of privilege by hiding and bypassing the user's ability to disable access to contacts. The vulnerability has been assigned a CVSS v3.1 base score of 7.8 HIGH with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (NVD).

The vulnerability could enable a local attacker to escalate privileges by bypassing user permissions related to contact access. No additional execution privileges are needed for exploitation, though user interaction is required. The successful exploitation could result in unauthorized access to contacts and related data (Android Bulletin).

Google addressed this vulnerability in the Android Security Bulletin of July 2018. The fix was included in the 2018-07-01 security patch level. Users are advised to update their Android devices to a security patch level of 2018-07-01 or later to address this vulnerability (Android Bulletin).