CVE-2018-9385

HIGH

Android - Out-of-bounds Write in driver_override_store

Title source: llm
STIX 2.1

Description

In driver_override_store of bus.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-74128061 References: Upstream kernel.

References (2)

Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/105887
Patch, Vendor Advisory x_refsource_confirm
https://source.android.com/security/bulletin/pixel/2018-06-01

Scores

CVSS v3 7.8
EPSS 0.0026
EPSS Percentile 16.8%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-787
Status published
Products (1)
google/android
Published Nov 06, 2018
Tracked Since Feb 18, 2026