CVE-2018-9363

HIGH

Description

In the hidp_process_report in bluetooth, there is an integer overflow. This could lead to an out of bounds write with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-65853588 References: Upstream kernel.

References

https://access.redhat.com/errata/RHSA-2018:2948

https://access.redhat.com/errata/RHSA-2019:2029

https://access.redhat.com/errata/RHSA-2019:2043

https://lists.debian.org/debian-lts-announce/2018/10/msg00003.html

https://source.android.com/security/bulletin/2018-06-01

https://usn.ubuntu.com/3797-1/

https://usn.ubuntu.com/3797-2/

https://usn.ubuntu.com/3820-1/

https://usn.ubuntu.com/3820-2/

https://usn.ubuntu.com/3820-3/

https://usn.ubuntu.com/3822-1/

https://usn.ubuntu.com/3822-2/

https://www.debian.org/security/2018/dsa-4308

Details

Source: MITRE

Published: 2018-11-06

Updated: 2020-08-24

Type: CWE-787

Risk Information

CVSS v2.0

Base Score: 7.2

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 3.9

Severity: HIGH

CVSS v3.0

Base Score: 8.4

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 2.5

Severity: HIGH

Vulnerable Software

Tenable Plugins

View all (31 total)

ID	Name	Product	Family	Severity
132495	NewStart CGSL CORE 5.05 / MAIN 5.05 : kernel-rt Multiple Vulnerabilities (NS-SA-2019-0253)	Nessus	NewStart CGSL Local Security Checks	high
132474	NewStart CGSL CORE 5.05 / MAIN 5.05 : kernel Multiple Vulnerabilities (NS-SA-2019-0247)	Nessus	NewStart CGSL Local Security Checks	high
131805	EulerOS 2.0 SP5 : kernel (EulerOS-SA-2019-2531)	Nessus	Huawei Local Security Checks	high
130736	EulerOS 2.0 SP3 : kernel (EulerOS-SA-2019-2274)	Nessus	Huawei Local Security Checks	critical
129920	NewStart CGSL CORE 5.04 / MAIN 5.04 : kernel-rt Multiple Vulnerabilities (NS-SA-2019-0183)	Nessus	NewStart CGSL Local Security Checks	high
129900	NewStart CGSL CORE 5.04 / MAIN 5.04 : kernel Multiple Vulnerabilities (NS-SA-2019-0180)	Nessus	NewStart CGSL Local Security Checks	high
129066	Amazon Linux 2 : kernel (ALAS-2019-1281)	Nessus	Amazon Linux Local Security Checks	high
129065	Amazon Linux 2 : kernel (ALAS-2019-1280)	Nessus	Amazon Linux Local Security Checks	high
129007	Amazon Linux AMI : kernel (ALAS-2019-1280)	Nessus	Amazon Linux Local Security Checks	high
128651	CentOS 7 : kernel (CESA-2019:2029)	Nessus	CentOS Local Security Checks	high
128226	Scientific Linux Security Update : kernel on SL7.x x86_64 (20190806)	Nessus	Scientific Linux Local Security Checks	high
127655	RHEL 7 : kernel-rt (RHSA-2019:2043)	Nessus	Red Hat Local Security Checks	high
127650	RHEL 7 : kernel (RHSA-2019:2029)	Nessus	Red Hat Local Security Checks	high
123329	openSUSE Security Update : the Linux Kernel (openSUSE-2019-769)	Nessus	SuSE Local Security Checks	high
121605	OracleVM 3.4 : Unbreakable / etc (OVMSA-2019-0002)	Nessus	OracleVM Local Security Checks	high
120976	Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2019-4315)	Nessus	Oracle Linux Local Security Checks	high
120088	SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2018:2539-1)	Nessus	SuSE Local Security Checks	high
118973	Ubuntu 14.04 LTS : Linux kernel vulnerabilities (USN-3822-1)	Nessus	Ubuntu Local Security Checks	high
118970	Ubuntu 14.04 LTS : Linux kernel (Azure) vulnerabilities (USN-3820-3)	Nessus	Ubuntu Local Security Checks	high
118969	Ubuntu 16.04 LTS : Linux kernel (HWE) vulnerabilities (USN-3820-2)	Nessus	Ubuntu Local Security Checks	high
118968	Ubuntu 18.04 LTS : Linux kernel vulnerabilities (USN-3820-1)	Nessus	Ubuntu Local Security Checks	high
118513	RHEL 7 : kernel-alt (RHSA-2018:2948) (Spectre)	Nessus	Red Hat Local Security Checks	high
118328	Ubuntu 14.04 LTS : Linux kernel (Xenial HWE) vulnerabilities (USN-3797-2)	Nessus	Ubuntu Local Security Checks	high
118327	Ubuntu 16.04 LTS : Linux kernel vulnerabilities (USN-3797-1)	Nessus	Ubuntu Local Security Checks	high
118034	SUSE SLES12 Security Update : kernel (SUSE-SU-2018:3084-1)	Nessus	SuSE Local Security Checks	high
117988	openSUSE Security Update : the Linux Kernel (openSUSE-2018-1140)	Nessus	SuSE Local Security Checks	high
117908	Debian DLA-1531-1 : linux-4.9 security update	Nessus	Debian Local Security Checks	high
117862	Debian DSA-4308-1 : linux - security update	Nessus	Debian Local Security Checks	high
117800	SUSE SLES12 Security Update : kernel (SUSE-SU-2018:2858-1)	Nessus	SuSE Local Security Checks	high
117629	SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2018:2776-1)	Nessus	SuSE Local Security Checks	high
117523	openSUSE Security Update : the Linux Kernel (openSUSE-2018-1016)	Nessus	SuSE Local Security Checks	high