CVE-2018-9385 — Out-of-bounds Write in INC Android

CWE-787 — Out-of-bounds Write CWE-122 — Heap-based Buffer Overflow7 documents7 sources

Severity

7.8HIGHNVD

EPSS

0.1%

top 84.73%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Kernel Google INC Android

Timeline

PublishedNov 6

Latest updateMay 14

Description

In driver_override_store of bus.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-74128061 References: Upstream kernel.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5google_inc/androidAndroid kernel

▶Debianlinux/linux_kernel< 4.16.12-1+3

Patches

Patch: source.android.com ↗Patch: source.android.com ↗

🔴Vulnerability Details

GHSA

GHSA-x85p-qff8-qjww: In driver_override_store of bus↗2022-05-14

▶

CVEList

CVE-2018-9385: In driver_override_store of bus↗2018-11-06

▶

OSV

CVE-2018-9385: In driver_override_store of bus↗2018-11-06

▶

📋Vendor Advisories

Red Hat

kernel: Out-of-bounds write due to incorrect bounds check in drivers/amba/bus.c:driver_override_store()↗2018-11-07

▶

Debian

CVE-2018-9385: linux - In driver_override_store of bus.c, there is a possible out of bounds write due t...↗2018

▶

💬Community

Bugzilla

CVE-2018-9385 kernel: Out-of-bounds write due to incorrect bounds check in drivers/amba/bus.c:driver_override_store()↗2018-11-07

▶