CVE-2018-6241

HIGH

Android NVIDIA Tegra Gralloc - Arbitrary Code Execution via Unvalidated Registerbuffer API Parameter

Title source: llm
STIX 2.1

Description

NVIDIA Tegra Gralloc module contains a vulnerability in driver in which it does not validate input parameter of the registerbuffer API, which may lead to arbitrary code execution, denial of service, or escalation of privileges. Android ID: A-62540032 Severity Rating: High Version: N/A.

References (3)

Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/106476
Vendor Advisory x_refsource_confirm
https://source.android.com/security/bulletin/2019-01-01
Vendor Advisory x_refsource_confirm
https://nvidia.custhelp.com/app/answers/detail/a_id/4804

Scores

CVSS v3 7.8
EPSS 0.0022
EPSS Percentile 12.3%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-20
Status published
Products (1)
google/android
Published Jan 31, 2019
Tracked Since Feb 18, 2026