CVE-2018-9519 — Race Condition in INC Android

CWE-362 — Race Condition4 documents4 sources

Severity

6.4MEDIUMNVD

EPSS

0.0%

top 98.84%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Google INC Android

Timeline

PublishedDec 7

Latest updateMay 14

Description

In easelcomm_hw_build_scatterlist, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege with System privileges required. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-69808833.

CVSS vector

CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.5 | Impact: 5.9

Affected Packages1 packages

▶CVEListV5google_inc/androidAndroid Kernel

🔴Vulnerability Details

GHSA

GHSA-xr3v-r79c-636q: In easelcomm_hw_build_scatterlist, there is a possible out of bounds write due to a race condition↗2022-05-14

▶

OSV

CVE-2018-9519: In easelcomm_hw_build_scatterlist, there is a possible out of bounds write due to a race condition↗2018-12-07

▶

CVEList

CVE-2018-9519: In easelcomm_hw_build_scatterlist, there is a possible out of bounds write due to a race condition↗2018-12-07

▶