exploitDog

CVE-2018-9371

Опубликовано: 19 нояб. 2024

Источник: nvd

CVSS3: 6.4

CVSS3: 7.8

EPSS Низкий

Описание

In the Mediatek Preloader, there are out of bounds reads and writes due to an exposed interface that allows arbitrary peripheral memory mapping with insufficient blacklisting/whitelisting. This could lead to local elevation of privilege, given physical access to the device with no additional execution privileges needed. User interaction is needed for exploitation.

Ссылки

https://source.android.com/security/bulletin/2018-06-01
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:o:google:android:-:*:*:*:*:*:*:*

EPSS

Процентиль: 27%

0.00094

Низкий

6.4 Medium

CVSS3

7.8 High

CVSS3

Дефекты

CWE-125

CWE-125

Связанные уязвимости

GHSA-9wgr-rjc3-37wx

CVSS3: 7.8

github

около 1 года назад

In the Mediatek Preloader, there are out of bounds reads and writes due to an exposed interface that allows arbitrary peripheral memory mapping with insufficient blacklisting/whitelisting. This could lead to local elevation of privilege, given physical access to the device with no additional execution privileges needed. User interaction is needed for exploitation.

EPSS

Процентиль: 27%

0.00094

Низкий

6.4 Medium

CVSS3

7.8 High

CVSS3

Дефекты

CWE-125

CWE-125