Main Vulnerability Database Vulnerabilities #VU36178

Input validation error in Google Android - CVE-2018-6241

Published: January 31, 2019 / Updated: August 8, 2020

Vulnerability identifier: #VU36178

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2018-6241

CWE-ID: CWE-20

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: Google

Affected software:
Google Android

Detailed vulnerability description

The vulnerability allows a local authenticated user to execute arbitrary code.

NVIDIA Tegra Gralloc module contains a vulnerability in driver in which it does not validate input parameter of the registerbuffer API, which may lead to arbitrary code execution, denial of service, or escalation of privileges. Android ID: A-62540032 Severity Rating: High Version: N/A.

How to mitigate CVE-2018-6241

Install update from vendor's website.

Sources

http://www.securityfocus.com/bid/106476
https://nvidia.custhelp.com/app/answers/detail/a_id/4804
https://source.android.com/security/bulletin/2019-01-01

Input validation error in Google Android - CVE-2018-6241

Detailed vulnerability description

How to mitigate CVE-2018-6241

Sources

Please verify you're human