CVE-2018-9415: Double Free in INC Android

Severity: 7.8 HIGH (NVD)
EPSS: 0.1% (top 80.27%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Nov 6
Latest update: May 14

Description

In driver_override_store and driver_override_show of bus.c, there is a possible double free due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-69129004. References: Upstream kernel.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9

Affected Packages (2 packages)

CVEListV5: google_inc/android, Android kernel
Debian: linux/linux_kernel < 4.16.12-1+3

Also affects: Ubuntu Linux 16.04, 18.04

Patches

🔴 Vulnerability Details (3)

GHSA: GHSA-vfgj-wgwr-rg52: In driver_override_store and driver_override_show of bus (2022-05-14)
CVEList: CVE-2018-9415: In driver_override_store and driver_override_show of bus (2018-11-06)
OSV: CVE-2018-9415: In driver_override_store and driver_override_show of bus (2018-11-06)

📋 Vendor Advisories (5)

Ubuntu: Linux kernel (Azure, GCP, OEM) vulnerabilities (2018-08-28)
Ubuntu: Linux kernel vulnerabilities (2018-08-24)
Ubuntu: Linux kernel (HWE) vulnerabilities (2018-08-24)
Red Hat: kernel: race condition in the ARM Advanced Microcontroller Bus Architecture (AMBA) driver (2018-07-02)
Debian: CVE-2018-9415: linux - In driver_override_store and driver_override_show of bus.c, there is a possible ... (2018)

💬 Community (2)

Bugzilla: CVE-2018-9415 kernel: race condition in the ARM Advanced Microcontroller Bus Architecture (AMBA) driver [fedora-all] (2018-09-14)
Bugzilla: CVE-2018-9415 kernel: race condition in the ARM Advanced Microcontroller Bus Architecture (AMBA) driver (2018-09-14)
CVE-2018-9415 — Double Free in Google INC Android | cvebase