PT-2018-10250 · Amazon · Fire Os
Published
2018-10-16
·
Updated
2018-12-03
·
CVE-2018-11025
CVSS v2.0
7.8
High
| Vector | AV:N/AC:L/Au:N/C:N/I:N/A:C |
Name of the Vulnerable Software and Affected Versions
Fire OS version 4.5.5.3
Description
The issue allows attackers to inject a crafted argument via the
argument of an ioctl on device /dev/twl6030-gpadc with the command 24832 and cause a kernel crash. This is due to a flaw in the kernel/omap/drivers/mfd/twl6030-gpadc.c file in the kernel component.Recommendations
For Fire OS version 4.5.5.3, as a temporary workaround, consider restricting access to the
/dev/twl6030-gpadc device to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.Exploit
Fix
Argument Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Fire Os