CVE-2018-9415

Published: Nov 6, 2018Modified: Nov 21, 2024

7.8

Vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

In driver_override_store and driver_override_show of bus.c, there is a possible double free due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-69129004 References: Upstream kernel.

Affected (3)

Products: Google: Android · Canonical: Ubuntu Linux

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Google Android	All versions

Configuration B

2 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 16.04
Canonical Ubuntu Linux	Version 18.04

Related CWEs

The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.

References (8)

https://source.android.com/security/bulletin/pixel/2018-07-01

Source: security@android.com

PatchVendor Advisory

https://usn.ubuntu.com/3752-1/

Source: security@android.com

Third Party Advisory

https://usn.ubuntu.com/3752-2/

Source: security@android.com

Third Party Advisory

https://usn.ubuntu.com/3752-3/

Source: security@android.com

Third Party Advisory

https://source.android.com/security/bulletin/pixel/2018-07-01

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

https://usn.ubuntu.com/3752-1/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://usn.ubuntu.com/3752-2/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://usn.ubuntu.com/3752-3/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.