Lucene search

K
ubuntucveUbuntu.comUB:CVE-2018-9363
HistoryAug 02, 2018 - 12:00 a.m.

CVE-2018-9363

2018-08-0200:00:00
ubuntu.com
ubuntu.com
8

8.4 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.002 Low

EPSS

Percentile

54.3%

In the hidp_process_report in bluetooth, there is an integer overflow. This
could lead to an out of bounds write with no additional execution
privileges needed. User interaction is not needed for exploitation.
Product: Android Versions: Android kernel Android ID: A-65853588
References: Upstream kernel.

Notes

Author Note
sbeattie net/bluetooth/hidp/core.c::hidp_process_report()
OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchlinux-aws< 4.15.0-1027.27UNKNOWN
ubuntu14.04noarchlinux-aws< 4.4.0-1032.35UNKNOWN
ubuntu16.04noarchlinux-aws< 4.4.0-1070.80UNKNOWN
ubuntu18.04noarchlinux-azure< 4.15.0-1031.32UNKNOWN
ubuntu14.04noarchlinux-azure< 4.15.0-1031.32~14.04.1UNKNOWN
ubuntu16.04noarchlinux-azure< 4.15.0-1031.32~16.04.1UNKNOWN
ubuntu16.04noarchlinux-azure-edge< 4.15.0-1031.32UNKNOWN
ubuntu18.04noarchlinux< 4.15.0-39.42UNKNOWN
ubuntu14.04noarchlinux< 3.13.0-162.212UNKNOWN
ubuntu16.04noarchlinux< 4.4.0-138.164UNKNOWN
Rows per page:
1-10 of 221

8.4 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.002 Low

EPSS

Percentile

54.3%

Related for UB:CVE-2018-9363