CVE-2018-9416 | In sg_remove_scat of scsi/sg.c, there is a possible memory c… | CVSS 10.0 CRITICAL

Description

In sg_remove_scat of scsi/sg.c, there is a possible memory corruption due to an unusual root cause. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Metadata

CVE ID: CVE-2018-9416
State: PUBLISHED
Assigner: google_android
Reserved: 2018-04-05 00:00 UTC
Published: 2024-12-04 23:36 UTC
Last updated: 2024-12-05 15:41 UTC
Vendor / Product: Google / Android
Sources: cve.org · NVD

Severity & Metrics

10.0 CRITICAL CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

SSVC — CISA Coordinator

Exploitation: none
Automatable: no
Tech. Impact: total

Affected products (1)

Vendor	Product	Platform	Versions
Google	Android	—	Kernel

Weakness (CWE)

CWE	Source	Description
—	adp	CWE-noinfo Not enough information

CVSS scores (1)

Score	Severity	Version	Source	Vector
10.0	CRITICAL	4.0	cna	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

References (1)

https://source.android.com/security/bulletin/pixel/2018-07-01