Description
The main function in android_main.cpp in thermald allows local users to write to arbitrary files via a symlink attack on /tmp/thermald.pid.
References (2)
Core 2
Core References
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2014/03/09/2
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2014/03/08/4
Scores
CVSS v3
5.5
EPSS
0.0005
EPSS Percentile
14.3%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Details
CWE
CWE-59
Status
published
Products (1)
intel/thermald
< 1.8
Published
Mar 26, 2018
Tracked Since
Feb 18, 2026