Unrated severityNVD Advisory· Published Nov 6, 2018· Updated Sep 17, 2024

CVE-2018-9385

Description

In driver_override_store of bus.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-74128061 References: Upstream kernel.

Affected products

osv-coords60 versions
pkg:rpm/suse/kernel-azure&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015 pkg:rpm/suse/kernel-default&distro=SUSE%20Enterprise%20Storage%204 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP3 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2012%20SP2 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2012%20SP3 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2015 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Legacy%2015 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCL pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-LTSS pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP3 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015 pkg:rpm/suse/kernel-default&distro=SUSE%20OpenStack%20Cloud%207 pkg:rpm/suse/kernel-docs&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015 pkg:rpm/suse/kernel-docs&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP3 pkg:rpm/suse/kernel-livepatch-SLE15_Update_1&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015 pkg:rpm/suse/kernel-obs-build&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015 pkg:rpm/suse/kernel-obs-build&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP3 pkg:rpm/suse/kernel-rt_debug&distro=SUSE%20Linux%20Enterprise%20Real%20Time%2012%20SP3 pkg:rpm/suse/kernel-rt&distro=SUSE%20Linux%20Enterprise%20Real%20Time%2012%20SP3 pkg:rpm/suse/kernel-source-azure&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015 pkg:rpm/suse/kernel-source&distro=SUSE%20Enterprise%20Storage%204 pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP3 pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015 pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015 pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCL pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-LTSS pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3 pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2 pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3 pkg:rpm/suse/kernel-source&distro=SUSE%20OpenStack%20Cloud%207 pkg:rpm/suse/kernel-source-rt&distro=SUSE%20Linux%20Enterprise%20Real%20Time%2012%20SP3 pkg:rpm/suse/kernel-syms-azure&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015 pkg:rpm/suse/kernel-syms&distro=SUSE%20Enterprise%20Storage%204 pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP3 pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015 pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCL pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-LTSS pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3 pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2 pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3 pkg:rpm/suse/kernel-syms&distro=SUSE%20OpenStack%20Cloud%207 pkg:rpm/suse/kernel-syms-rt&distro=SUSE%20Linux%20Enterprise%20Real%20Time%2012%20SP3 pkg:rpm/suse/kernel-vanilla&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015 pkg:rpm/suse/kernel-zfcpdump&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015 pkg:rpm/suse/kgraft-patch-SLE12-SP2_Update_24&distro=SUSE%20Enterprise%20Storage%204 pkg:rpm/suse/kgraft-patch-SLE12-SP2_Update_24&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCL pkg:rpm/suse/kgraft-patch-SLE12-SP2_Update_24&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-LTSS pkg:rpm/suse/kgraft-patch-SLE12-SP2_Update_24&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2 pkg:rpm/suse/kgraft-patch-SLE12-SP2_Update_24&distro=SUSE%20OpenStack%20Cloud%207 pkg:rpm/suse/kgraft-patch-SLE12-SP3_Update_15&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2012%20SP3 pkg:rpm/suse/lttng-modules&distro=SUSE%20Enterprise%20Storage%204 pkg:rpm/suse/lttng-modules&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCL pkg:rpm/suse/lttng-modules&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-LTSS pkg:rpm/suse/lttng-modules&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2 pkg:rpm/suse/lttng-modules&distro=SUSE%20OpenStack%20Cloud%207
< 4.12.14-5.8.1+ 59 more
- (no CPE)range: < 4.12.14-5.8.1
- (no CPE)range: < 4.4.121-92.92.1
- (no CPE)range: < 4.4.140-94.42.1
- (no CPE)range: < 4.4.121-92.92.1
- (no CPE)range: < 4.4.140-94.42.1
- (no CPE)range: < 4.12.14-25.3.1
- (no CPE)range: < 4.12.14-25.3.1
- (no CPE)range: < 4.12.14-25.3.1
- (no CPE)range: < 4.12.14-25.3.1
- (no CPE)range: < 4.4.121-92.92.1
- (no CPE)range: < 4.4.121-92.92.1
- (no CPE)range: < 4.4.140-94.42.1
- (no CPE)range: < 4.4.121-92.92.1
- (no CPE)range: < 4.4.140-94.42.1
- (no CPE)range: < 4.4.140-94.42.1
- (no CPE)range: < 4.12.14-25.3.1
- (no CPE)range: < 4.4.121-92.92.1
- (no CPE)range: < 4.12.14-25.3.1
- (no CPE)range: < 4.4.140-94.42.1
- (no CPE)range: < 1-1.3.1
- (no CPE)range: < 4.12.14-25.3.1
- (no CPE)range: < 4.4.140-94.42.1
- (no CPE)range: < 4.4.139-3.17.1
- (no CPE)range: < 4.4.139-3.17.1
- (no CPE)range: < 4.12.14-5.8.1
- (no CPE)range: < 4.4.121-92.92.1
- (no CPE)range: < 4.4.140-94.42.1
- (no CPE)range: < 4.12.14-25.3.1
- (no CPE)range: < 4.12.14-25.3.1
- (no CPE)range: < 4.4.121-92.92.1
- (no CPE)range: < 4.4.121-92.92.1
- (no CPE)range: < 4.4.140-94.42.1
- (no CPE)range: < 4.4.121-92.92.1
- (no CPE)range: < 4.4.140-94.42.1
- (no CPE)range: < 4.4.121-92.92.1
- (no CPE)range: < 4.4.139-3.17.1
- (no CPE)range: < 4.12.14-5.8.1
- (no CPE)range: < 4.4.121-92.92.1
- (no CPE)range: < 4.4.140-94.42.1
- (no CPE)range: < 4.12.14-25.3.1
- (no CPE)range: < 4.4.121-92.92.1
- (no CPE)range: < 4.4.121-92.92.1
- (no CPE)range: < 4.4.140-94.42.1
- (no CPE)range: < 4.4.121-92.92.1
- (no CPE)range: < 4.4.140-94.42.1
- (no CPE)range: < 4.4.121-92.92.1
- (no CPE)range: < 4.4.139-3.17.1
- (no CPE)range: < 4.12.14-25.3.1
- (no CPE)range: < 4.12.14-25.3.1
- (no CPE)range: < 1-3.7.1
- (no CPE)range: < 1-3.7.1
- (no CPE)range: < 1-3.7.1
- (no CPE)range: < 1-3.7.1
- (no CPE)range: < 1-3.7.1
- (no CPE)range: < 1-4.3.1
- (no CPE)range: < 2.7.1-9.4.1
- (no CPE)range: < 2.7.1-9.4.1
- (no CPE)range: < 2.7.1-9.4.1
- (no CPE)range: < 2.7.1-9.4.1
- (no CPE)range: < 2.7.1-9.4.1
Google/Androidv5
Range: Android kernel

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.securityfocus.com/bid/105887mitrevdb-entryx_refsource_BID
source.android.com/security/bulletin/pixel/2018-06-01mitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000