CVE-2018-9486: 
NixOS vulnerability analysis and mitigation

In hidh_l2cif_data_ind of hidh_conn.cc, there is a possible out of bounds read due to a missing bounds check. This vulnerability (CVE-2018-9486) affects Android versions 7.0, 7.1.1, 7.1.2, 8.0, 8.1, and 9.0. The vulnerability was disclosed in the Android Security Bulletin of September 2018 (Android Bulletin).

The vulnerability is classified as an Information Disclosure issue with High severity. It exists in the System component of Android and received a CVSS v3.1 Base Score of 6.5 MEDIUM (Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). The vulnerability stems from a missing bounds check in the hidh_l2cif_data_ind function within the hidh_conn.cc file, which could lead to an out-of-bounds read condition (NVD).

This vulnerability could lead to local information disclosure over bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation (MITRE).

The vulnerability was addressed in the Android Security Patch Level 2018-09-01. Users should update their Android devices to a security patch level of 2018-09-01 or later to address this issue (Android Bulletin).