PT-2018-2703 · Google+5 · Android Kernel+5

Publicado

2017-10-13

·

Atualizado

2023-02-24

·

CVE-2018-9568

CVSS v3.1

7.8

Alta

VetorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Android kernel
Description The issue is related to a possible memory corruption due to type confusion in the sk clone lock function of sock.c. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not required for exploitation. The vulnerability may also cause a denial of service or allow an attacker to execute arbitrary code.
Recommendations For Android kernel, update to a version that includes the fix for the type confusion issue in sk clone lock of sock.c. As a temporary workaround, consider restricting access to the sk clone lock function until a patch is available.

Correção

Incorrect Type Conversion or Cast

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-704

Identificadores relacionados

ALT-PU-2017-2424
ALT-PU-2017-2425
BDU:2019-01417
CESA-2019_0512
CESA-2019_2736
CVE-2018-9568
OPENSUSE-SU-2019:0065-1
OPENSUSE-SU-2019_0065-1
OPENSUSE-SU-2019_0140-1
RHSA-2019:0512
RHSA-2019:0514
RHSA-2019:2696
RHSA-2019:2730
RHSA-2019:2736
RHSA-2019:3967
RHSA-2019:4056
RHSA-2019:4159
RHSA-2019:4164
RHSA-2019:4255
RHSA-2019_0512
RHSA-2019_0514
RHSA-2019_2736
SUSE-SU-2018:4153-1
SUSE-SU-2018:4154-1
SUSE-SU-2018:4157-1
SUSE-SU-2018:4158-1
SUSE-SU-2018:4195-1
SUSE-SU-2018:4196-1
SUSE-SU-2018:4238-1
SUSE-SU-2018_4154-1
SUSE-SU-2018_4158-1
SUSE-SU-2018_4196-1
SUSE-SU-2019:0148-1
SUSE-SU-2019:0150-1
SUSE-SU-2019:0196-1
SUSE-SU-2019:0222-1
SUSE-SU-2019:0224-1
SUSE-SU-2019:0320-1
SUSE-SU-2019:0439-1
SUSE-SU-2019:0541-1
SUSE-SU-2019:1289-1
SUSE-SU-2019:13937-1
SUSE-SU-2019:13979-1
USN-3880-1
USN-3880-2

Produtos afetados

Alt Linux
Android Kernel
Centos
Red Hat
Suse
Ubuntu