CVE-2018-9363

Sažetak

In the hidp_process_report in bluetooth, there is an integer overflow. This could lead to an out of bounds write with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-65853588 References: Upstream kernel.

Reference

https://source.android.com/security/bulletin/2018-06-01
https://www.debian.org/security/2018/dsa-4308
https://usn.ubuntu.com/3797-2/
https://usn.ubuntu.com/3797-1/
https://lists.debian.org/debian-lts-announce/2018/10/msg00003.html
https://access.redhat.com/errata/RHSA-2018:2948
https://usn.ubuntu.com/3822-2/
https://usn.ubuntu.com/3820-3/
https://usn.ubuntu.com/3820-2/
https://usn.ubuntu.com/3820-1/
https://usn.ubuntu.com/3822-1/
https://access.redhat.com/errata/RHSA-2019:2043
https://access.redhat.com/errata/RHSA-2019:2029

CVSS

Base:	7.2
Impact:	10.0
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
LOCAL	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:L/AC:L/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

19-01-2023 - 16:01

Objavljeno

06-11-2018 - 17:29