In the hidp_process_report in bluetooth, there is an integer overflow. This could lead to an out of bounds write with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-65853588 References: Upstream kernel.

Metrics

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Canonical
  • Ubuntu Linux
Debian
  • Debian Linux
Google
  • Android
Linux
  • Linux Kernel
Redhat
  • Enterprise Linux
  • Rhel Extras Rt

Configuration 1 [-]

cpe:2.3:o:google:android:-:*:*:*:*:*:*:*

Configuration 2 [-]

OR cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*

Configuration 3 [-]

OR cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Configuration 4 [-]

OR cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Package CPE Advisory Released Date
Red Hat Enterprise Linux 7
kernel-rt-0:3.10.0-1062.rt56.1022.el7 cpe:/a:redhat:rhel_extras_rt:7 RHSA-2019:2043 2019-08-07T00:00:00Z
kernel-alt-0:4.14.0-115.el7a cpe:/o:redhat:enterprise_linux:7 RHSA-2018:2948 2018-10-30T00:00:00Z
kernel-0:3.10.0-1062.el7 cpe:/o:redhat:enterprise_linux:7 RHSA-2019:2029 2019-08-06T00:00:00Z
References
Link Providers
https://access.redhat.com/errata/RHSA-2018:2948 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2019:2029 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2019:2043 cve-icon cve-icon
https://lists.debian.org/debian-lts-announce/2018/10/msg00003.html cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2018-9363 cve-icon
https://source.android.com/security/bulletin/2018-06-01 cve-icon cve-icon
https://usn.ubuntu.com/3797-1/ cve-icon cve-icon
https://usn.ubuntu.com/3797-2/ cve-icon cve-icon
https://usn.ubuntu.com/3820-1/ cve-icon cve-icon
https://usn.ubuntu.com/3820-2/ cve-icon cve-icon
https://usn.ubuntu.com/3820-3/ cve-icon cve-icon
https://usn.ubuntu.com/3822-1/ cve-icon cve-icon
https://usn.ubuntu.com/3822-2/ cve-icon cve-icon
https://www.cve.org/CVERecord?id=CVE-2018-9363 cve-icon
https://www.debian.org/security/2018/dsa-4308 cve-icon cve-icon
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: google_android

Published:

Updated: 2024-09-16T18:38:38.597Z

Reserved: 2018-04-05T00:00:00

Link: CVE-2018-9363

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2018-11-06T17:29:00.567

Modified: 2024-11-21T04:15:24.487

Link: CVE-2018-9363

cve-icon Redhat

Severity : Moderate

Publid Date: 2018-08-16T00:00:00Z

Links: CVE-2018-9363 - Bugzilla