{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2018-9376", "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "state": "PUBLISHED", "assignerShortName": "google_android", "dateReserved": "2018-04-05T00:00:00.000Z", "datePublished": "2024-12-02T20:59:25.345Z", "dateUpdated": "2024-12-03T18:39:18.952Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Android", "vendor": "Google", "versions": [{"status": "affected", "version": "6"}, {"status": "affected", "version": "6.0.1"}, {"status": "affected", "version": "7"}, {"status": "affected", "version": "7.1.1"}, {"status": "affected", "version": "7.1.2"}, {"status": "affected", "version": "8"}, {"status": "affected", "version": "8.1"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">In rpc_msg_handler and related handlers of&nbsp;</span><span style=\"background-color: rgb(255, 255, 255);\">drivers/misc/mediatek/eccci/port_rpc.c, there is a possible out of bounds&nbsp;</span><span style=\"background-color: rgb(255, 255, 255);\">write due to an incorrect bounds check. This could lead to local escalation&nbsp;</span><span style=\"background-color: rgb(255, 255, 255);\">of privilege with System execution privileges needed. User interaction is&nbsp;</span><span style=\"background-color: rgb(255, 255, 255);\">not needed for exploitation.</span><br>"}], "value": "In rpc_msg_handler and related handlers of\u00a0drivers/misc/mediatek/eccci/port_rpc.c, there is a possible out of bounds\u00a0write due to an incorrect bounds check. This could lead to local escalation\u00a0of privilege with System execution privileges needed. User interaction is\u00a0not needed for exploitation."}], "providerMetadata": {"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android", "dateUpdated": "2024-12-02T20:59:25.345Z"}, "references": [{"url": "https://source.android.com/docs/security/bulletin/pixel/2018-07-01"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-787", "lang": "en", "description": "CWE-787 Out-of-bounds Write"}]}], "affected": [{"vendor": "google", "product": "android", "cpes": ["cpe:2.3:o:google:android:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "2018-07-05", "versionType": "custom"}]}, {"vendor": "google", "product": "pixel", "cpes": ["cpe:2.3:h:google:pixel:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "2018-07-05", "versionType": "custom"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-12-03T18:38:15.430097Z", "id": "CVE-2018-9376", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-12-03T18:39:18.952Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2018-9376", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-12-03T18:38:15.430097Z"}}}], "affected": [{"cpes": ["cpe:2.3:o:google:android:*:*:*:*:*:*:*:*"], "vendor": "google", "product": "android", "versions": [{"status": "affected", "version": "0", "lessThan": "2018-07-05", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:h:google:pixel:*:*:*:*:*:*:*:*"], "vendor": "google", "product": "pixel", "versions": [{"status": "affected", "version": "0", "lessThan": "2018-07-05", "versionType": "custom"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-787", "description": "CWE-787 Out-of-bounds Write"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-12-03T18:39:11.248Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "affected": [{"vendor": "Google", "product": "Android", "versions": [{"status": "affected", "version": "6"}, {"status": "affected", "version": "6.0.1"}, {"status": "affected", "version": "7"}, {"status": "affected", "version": "7.1.1"}, {"status": "affected", "version": "7.1.2"}, {"status": "affected", "version": "8"}, {"status": "affected", "version": "8.1"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://source.android.com/docs/security/bulletin/pixel/2018-07-01"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "In rpc_msg_handler and related handlers of\u00a0drivers/misc/mediatek/eccci/port_rpc.c, there is a possible out of bounds\u00a0write due to an incorrect bounds check. This could lead to local escalation\u00a0of privilege with System execution privileges needed. User interaction is\u00a0not needed for exploitation.", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">In rpc_msg_handler and related handlers of&nbsp;</span><span style=\"background-color: rgb(255, 255, 255);\">drivers/misc/mediatek/eccci/port_rpc.c, there is a possible out of bounds&nbsp;</span><span style=\"background-color: rgb(255, 255, 255);\">write due to an incorrect bounds check. This could lead to local escalation&nbsp;</span><span style=\"background-color: rgb(255, 255, 255);\">of privilege with System execution privileges needed. User interaction is&nbsp;</span><span style=\"background-color: rgb(255, 255, 255);\">not needed for exploitation.</span><br>", "base64": false}]}], "providerMetadata": {"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android", "dateUpdated": "2024-12-02T20:59:25.345Z"}}}, "cveMetadata": {"cveId": "CVE-2018-9376", "state": "PUBLISHED", "dateUpdated": "2024-12-03T18:39:18.952Z", "dateReserved": "2018-04-05T00:00:00.000Z", "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "datePublished": "2024-12-02T20:59:25.345Z", "assignerShortName": "google_android"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "E70C6D8D-C9C3-4D92-8DFC-71F59E068295", "vulnerable": true}, {"criteria": "cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "691FA41B-C2CE-413F-ABB1-0B22CB322807", "vulnerable": true}, {"criteria": "cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "09E6085C-A61E-4A89-BF80-EDD9A7DF1E47", "vulnerable": true}, {"criteria": "cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "D835D592-2423-44C6-804A-3AD010112E7C", "vulnerable": true}, {"criteria": "cpe:2.3:o:google:android:7.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "568E2561-A068-46A2-B331-BBA91FC96F0C", "vulnerable": true}, {"criteria": "cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "B578E383-0D77-4AC7-9C81-3F0B8C18E033", "vulnerable": true}, {"criteria": "cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*", "matchCriteriaId": "B06BE74B-83F4-41A3-8AD3-2E6248F7B0B2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In rpc_msg_handler and related handlers of\u00a0drivers/misc/mediatek/eccci/port_rpc.c, there is a possible out of bounds\u00a0write due to an incorrect bounds check. This could lead to local escalation\u00a0of privilege with System execution privileges needed. User interaction is\u00a0not needed for exploitation."}, {"lang": "es", "value": " En rpc_msg_handler y los controladores relacionados de drivers/misc/mediatek/eccci/port_rpc.c, existe una posible escritura fuera de los l\u00edmites debido a una comprobaci\u00f3n de los l\u00edmites incorrecta. Esto podr\u00eda provocar una escalada local de privilegios, siendo necesarios los privilegios de ejecuci\u00f3n del sistema. No se necesita la interacci\u00f3n del usuario para la explotaci\u00f3n."}], "id": "CVE-2018-9376", "lastModified": "2024-12-18T19:37:08.323", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-12-02T21:15:09.107", "references": [{"source": "security@android.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://source.android.com/docs/security/bulletin/pixel/2018-07-01"}], "sourceIdentifier": "security@android.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-787"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}