Main Vulnerability Database Vulnerabilities #VU36452

Out-of-bounds write in Google Android - CVE-2018-9385

Published: November 6, 2018 / Updated: August 8, 2020

Vulnerability identifier: #VU36452

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2018-9385

CWE-ID: CWE-787

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: Google

Affected software:
Google Android

Detailed vulnerability description

The vulnerability allows a local authenticated user to execute arbitrary code.

In driver_override_store of bus.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-74128061 References: Upstream kernel.

How to mitigate CVE-2018-9385

Install update from vendor's website.

Out-of-bounds write in Google Android - CVE-2018-9385

Detailed vulnerability description

How to mitigate CVE-2018-9385

Sources

Please verify you're human