exploitDog

CVE-2017-6292

Опубликовано: 07 июн. 2018

Источник: nvd

CVSS3: 7.8

CVSS2: 7.2

EPSS Низкий

Описание

In Android before the 2018-06-05 security patch level, NVIDIA TLZ TrustZone contains a possible out of bounds write due to integer overflow which could lead to local escalation of privilege in the TrustZone with no additional execution privileges needed. User interaction is not needed for exploitation. This issue is rated as high. Version: N/A. Android: A-69480285. Reference: N-CVE-2017-6292.

Ссылки

https://source.android.com/security/bulletin/2018-06-01
Vendor Advisory
https://source.android.com/security/bulletin/2018-06-01
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:o:google:android:-:*:*:*:*:*:*:*

EPSS

Процентиль: 10%

0.00036

Низкий

7.8 High

CVSS3

7.2 High

CVSS2

Дефекты

CWE-787

Связанные уязвимости

GHSA-xgcp-jrj9-xvpp

CVSS3: 7.8

github

больше 3 лет назад

In Android before the 2018-06-05 security patch level, NVIDIA TLZ TrustZone contains a possible out of bounds write due to integer overflow which could lead to local escalation of privilege in the TrustZone with no additional execution privileges needed. User interaction is not needed for exploitation. This issue is rated as high. Version: N/A. Android: A-69480285. Reference: N-CVE-2017-6292.

EPSS

Процентиль: 10%

0.00036

Низкий

7.8 High

CVSS3

7.2 High

CVSS2

Дефекты

CWE-787