CVE-2018-9385 - In driver_override_store of bus.c, there is a possible out of bounds write due to an incorrect bound

CVE-2018-9385

Summary

In driver_override_store of bus.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-74128061 References: Upstream kernel.

References

http://www.securityfocus.com/bid/105887
https://source.android.com/security/bulletin/pixel/2018-06-01

Vulnerable Configurations

cpe:2.3:o:google:android:-:*:*:*:*:*:*:*
cpe:2.3:o:google:android:-:*:*:*:*:*:*:*

CVSS

Base:	4.6 (as of 12-12-2018 - 21:37)
Impact:
Exploitability:

CWE

CWE-787

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:L/AC:L/Au:N/C:P/I:P/A:P

refmap via4

bid	105887
confirm	https://source.android.com/security/bulletin/pixel/2018-06-01

Last major update

12-12-2018 - 21:37

Published

06-11-2018 - 17:29

Last modified

12-12-2018 - 21:37