PT-2018-3027 · Google +6 · Android Kernel +6

Published: 2018-08-02 · Updated: 2023-01-19 · CVE-2018-9363

CVSS v3.1: 8.4 (High)

Vector: AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Android kernel

Description

The issue is caused by an integer overflow in the hidp process report function in the Bluetooth component of the Linux kernel. This could lead to an out-of-bounds write with no additional execution privileges needed. User interaction is not required for exploitation. The vulnerability may allow an attacker to impact the confidentiality, integrity, and availability of protected information.

Recommendations

For the Android kernel, consider applying the upstream kernel fix to resolve the issue. As a temporary workaround, consider restricting access to the Bluetooth component to minimize the risk of exploitation.

Fix

Memory Corruption

Integer Overflow

Weakness Enumeration

Related Identifiers

ALT-PU-2018-2181
ALT-PU-2018-2195
ALT-PU-2018-2196
ALT-PU-2018-2203
BDU:2019-03460
CESA-2019_2029
CVE-2018-9363
DLA-1529-1
DLA-1531-1
DSA-4308-1
OPENSUSE-SU-2018_2738-1
OPENSUSE-SU-2018_3071-1
RHSA-2018:2948
RHSA-2019:2029
RHSA-2019:2043
RHSA-2019_2029
RHSA-2019_2043
SUSE-SU-2018:2538-1
SUSE-SU-2018:2539-1
SUSE-SU-2018:2596-1
SUSE-SU-2018:2775-1
SUSE-SU-2018:2776-1
SUSE-SU-2018:2858-1
SUSE-SU-2018:3084-1
SUSE-SU-2018:3961-1
USN-3797-1
USN-3797-2
USN-3820-1
USN-3820-2
USN-3820-3
USN-3822-1
USN-3822-2

Affected Products

Alt Linux
Android Kernel
CentOS
Linux Kernel
Red Hat
SUSE
Ubuntu