PT-2018-2578 · Google+4 · Android Kernel+4

Published

2018-07-02

·

Updated

2019-09-10

·

CVE-2018-9516

CVSS v3.1

7.8

High

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Android kernel
Description The issue is related to a possible out of bounds write in the hid debug events read function of drivers/hid/hid-debug.c. This could lead to local escalation of privilege, requiring System execution privileges. No user interaction is needed for exploitation.
Recommendations For Android kernel, consider applying a patch that includes a bounds check for the hid debug events read function to prevent out of bounds writes. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-787

Related Identifiers

BDU:2019-01053
CESA-2019_2029
CVE-2018-9516
DLA-1529-1
DLA-1531-1
DSA-4308-1
OPENSUSE-SU-2018_3817-1
RHSA-2019:2029
RHSA-2019:2043
RHSA-2019_2029
RHSA-2019_2043
SUSE-SU-2018:3659-1
SUSE-SU-2018:3688-1
SUSE-SU-2018:3689-1
SUSE-SU-2018:3746-1
SUSE-SU-2018:3773-1
SUSE-SU-2018:3869-1
SUSE-SU-2019:0095-1
SUSE-SU-2019:0439-1
SUSE-SU-2019:1289-1
SUSE-SU-2019:13937-1
USN-3871-1
USN-3871-2
USN-3871-3
USN-3871-4
USN-3871-5

Affected Products

Android Kernel
Centos
Red Hat
Suse
Ubuntu