CVE-2018-9518

Опубликовано: 14 сент. 2018

Источник: redhat

CVSS3: 6.7

EPSS Низкий

Описание

In nfc_llcp_build_sdreq_tlv of llcp_commands.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-73083945.

A flaw was found in the Linux kernel in nfc_llcp_build_sdreq_tlv() in net/nfc/llcp_commands.c that lack of size check may lead to an out of bounds write.

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat Enterprise Linux 5	kernel	Not affected
Red Hat Enterprise Linux 6	kernel	Not affected
Red Hat Enterprise Linux 7	kernel	Not affected
Red Hat Enterprise Linux 7	kernel-alt	Not affected
Red Hat Enterprise Linux 7	kernel-rt	Not affected
Red Hat Enterprise Linux 8	kernel	Not affected
Red Hat Enterprise Linux 8	kernel-rt	Not affected
Red Hat Enterprise MRG 2	kernel-rt	Not affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-787

https://bugzilla.redhat.com/show_bug.cgi?id=1631027kernel: NFC: llcp: Out of bounds write in nfc_llcp_sdp_tlv struct in nfc/llcp_commands.c

EPSS

Процентиль: 21%

0.00069

Низкий

6.7 Medium

CVSS3

Связанные уязвимости

CVE-2018-9518

CVSS3: 7.8

ubuntu

около 7 лет назад

CVE-2018-9518

CVSS3: 7.8

nvd

около 7 лет назад

CVE-2018-9518

CVSS3: 7.8

debian

около 7 лет назад

In nfc_llcp_build_sdreq_tlv of llcp_commands.c, there is a possible ou ...

GHSA-37mc-f722-26x4

CVSS3: 7.8

github

больше 3 лет назад

EPSS

Процентиль: 21%

0.00069

Низкий

6.7 Medium

CVSS3