exploitDog

CVE-2018-6241

Опубликовано: 31 янв. 2019

Источник: nvd

CVSS3: 7.8

CVSS2: 7.2

EPSS Низкий

Описание

NVIDIA Tegra Gralloc module contains a vulnerability in driver in which it does not validate input parameter of the registerbuffer API, which may lead to arbitrary code execution, denial of service, or escalation of privileges. Android ID: A-62540032 Severity Rating: High Version: N/A.

Ссылки

http://www.securityfocus.com/bid/106476
Third Party Advisory
VDB Entry
https://nvidia.custhelp.com/app/answers/detail/a_id/4804
https://source.android.com/security/bulletin/2019-01-01
Vendor Advisory
http://www.securityfocus.com/bid/106476
Third Party Advisory
VDB Entry
https://nvidia.custhelp.com/app/answers/detail/a_id/4804
https://source.android.com/security/bulletin/2019-01-01
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:o:google:android:-:*:*:*:*:*:*:*

EPSS

Процентиль: 9%

0.00032

Низкий

7.8 High

CVSS3

7.2 High

CVSS2

Дефекты

CWE-20

Связанные уязвимости

GHSA-2x4x-73fj-7gr8

CVSS3: 7.8

github

больше 3 лет назад

NVIDIA Tegra Gralloc module contains a vulnerability in driver in which it does not validate input parameter of the registerbuffer API, which may lead to arbitrary code execution, denial of service, or escalation of privileges. Android ID: A-62540032 Severity Rating: High Version: N/A.

EPSS

Процентиль: 9%

0.00032

Низкий

7.8 High

CVSS3

7.2 High

CVSS2

Дефекты

CWE-20