CVE-2018-9388Integer Underflow (Wrap or Wraparound) in Google Android

CWE-191Integer Underflow (Wrap or Wraparound)CWE-787Out-of-bounds Write3 documents3 sources
Severity
9.8CRITICALNVD
EPSS
0.1%
top 64.92%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Google Android
Timeline
PublishedDec 5
Latest updateDec 6

Description

In store_upgrade and store_cmd of drivers/input/touchscreen/stm/ftm4_pdc.c, there are out of bound writes due to missing bounds checks or integer underflows. These could lead to escalation of privilege.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

CVEListV5google/androidKernel

🔴Vulnerability Details

2
GHSA
GHSA-6rp7-x538-xh3v: In store_upgrade and store_cmd of drivers/input/touchscreen/stm/ftm4_pdc2024-12-06
CVEList
CVE-2018-9388: In store_upgrade and store_cmd of drivers/input/touchscreen/stm/ftm4_pdc2024-12-05
CVE-2018-9388 — Integer Underflow (Wrap or Wraparound) | cvebase