CVE-2018-9371

In the Mediatek Preloader, there are out of bounds reads and writes due to an exposed interface that allows arbitrary peripheral memory mapping with insufficient blacklisting/whitelisting. This could lead to local elevation of privilege, given physical access to the device with no additional execution privileges needed. User interaction is needed for exploitation.

CVSS v3 6.4 MEDIUM

6.4^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 0.5 / Impact : 5.9

Attack Vector PHYSICAL

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://source.android.com/security/bulletin/2018-06-01	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:o:google:android:-:*:*:*:*:*:*:*

History

22 Nov 2024, 21:25

Type	Values Removed	Values Added
CPE		cpe:2.3:o:google:android:-:::::::*
CVSS	v2 : ~~unknown~~ v3 : ~~7.8~~	v2 : unknown v3 : 6.4
References	~~() https://source.android.com/security/bulletin/2018-06-01 -~~	() https://source.android.com/security/bulletin/2018-06-01 - Vendor Advisory
First Time		Google Google android

20 Nov 2024, 20:35

Type	Values Removed	Values Added
Summary		(es) En Mediatek Preloader, hay lecturas y escrituras fuera de los límites debido a una interfaz expuesta que permite la asignación arbitraria de memoria periférica con listas negras o listas blancas insuficientes. Esto podría llevar a una elevación local de privilegios, dado el acceso físico al dispositivo sin necesidad de privilegios de ejecución adicionales. Se necesita la interacción del usuario para la explotación.
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.8
CWE		CWE-787 CWE-125

19 Nov 2024, 20:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-11-19 20:15

Updated : 2024-11-22 21:25

NVD link : CVE-2018-9371

Mitre link : CVE-2018-9371

CVE.ORG link : CVE-2018-9371

JSON object : View

Products Affected

google

android

CWE

CWE-125

Out-of-bounds Read

CWE-787

Out-of-bounds Write

{"id": "CVE-2018-9371", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.4, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 0.5}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2024-11-19T20:15:27.843", "references": [{"url": "https://source.android.com/security/bulletin/2018-06-01", "tags": ["Vendor Advisory"], "source": "security@android.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-125"}, {"lang": "en", "value": "CWE-787"}]}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-125"}, {"lang": "en", "value": "CWE-787"}]}], "descriptions": [{"lang": "en", "value": "In the Mediatek Preloader, there are out of bounds reads and writes due to an exposed interface that allows arbitrary peripheral memory mapping with insufficient blacklisting/whitelisting. This could lead to local elevation of privilege, given physical access to the device with no additional execution privileges needed. User interaction is needed for exploitation."}, {"lang": "es", "value": "En Mediatek Preloader, hay lecturas y escrituras fuera de los l\u00edmites debido a una interfaz expuesta que permite la asignaci\u00f3n arbitraria de memoria perif\u00e9rica con listas negras o listas blancas insuficientes. Esto podr\u00eda llevar a una elevaci\u00f3n local de privilegios, dado el acceso f\u00edsico al dispositivo sin necesidad de privilegios de ejecuci\u00f3n adicionales. Se necesita la interacci\u00f3n del usuario para la explotaci\u00f3n."}], "lastModified": "2024-11-22T21:25:48.853", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26"}], "operator": "OR"}]}], "sourceIdentifier": "security@android.com"}