CVE-2018-9415 - In driver_override_store and driver_override_show of bus.c, there is a possible double free due to i

CVE-2018-9415

Summary

In driver_override_store and driver_override_show of bus.c, there is a possible double free due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-69129004 References: Upstream kernel.

References

Vulnerable Configurations

cpe:2.3:o:google:android:-:*:*:*:*:*:*:*
cpe:2.3:o:google:android:-:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*

CVSS

Base:	4.6 (as of 12-12-2018 - 21:36)
Impact:
Exploitability:

CWE

CWE-415

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:L/AC:L/Au:N/C:P/I:P/A:P

refmap via4

confirm	https://source.android.com/security/bulletin/pixel/2018-07-01
ubuntu	USN-3752-1 USN-3752-2 USN-3752-3

Last major update

12-12-2018 - 21:36

Published

06-11-2018 - 17:29

Last modified

12-12-2018 - 21:36