CVE-2018-6241
HIGHAndroid NVIDIA Tegra Gralloc - Arbitrary Code Execution via Unvalidated Registerbuffer API Parameter
Title source: llmDescription
NVIDIA Tegra Gralloc module contains a vulnerability in driver in which it does not validate input parameter of the registerbuffer API, which may lead to arbitrary code execution, denial of service, or escalation of privileges. Android ID: A-62540032 Severity Rating: High Version: N/A.
References (3)
Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/106476
Vendor Advisory x_refsource_confirm
https://source.android.com/security/bulletin/2019-01-01
Vendor Advisory x_refsource_confirm
https://nvidia.custhelp.com/app/answers/detail/a_id/4804
Scores
CVSS v3
7.8
EPSS
0.0022
EPSS Percentile
12.3%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-20
Status
published
Products (1)
google/android
Published
Jan 31, 2019
Tracked Since
Feb 18, 2026