Vulnerability Details : CVE-2018-6241
NVIDIA Tegra Gralloc module contains a vulnerability in driver in which it does not validate input parameter of the registerbuffer API, which may lead to arbitrary code execution, denial of service, or escalation of privileges. Android ID: A-62540032 Severity Rating: High Version: N/A.
Vulnerability category: Input validationDenial of service
Products affected by CVE-2018-6241
- cpe:2.3:o:google:android:-:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2018-6241
0.03%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 6 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2018-6241
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
7.2
|
HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C |
3.9
|
10.0
|
NIST | |
|
7.8
|
HIGH | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
1.8
|
5.9
|
NIST |
CWE ids for CVE-2018-6241
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
References for CVE-2018-6241
-
https://nvidia.custhelp.com/app/answers/detail/a_id/4804
Security Bulletin: NVIDIA SHIELD TV - August 2019 | NVIDIA
-
http://www.securityfocus.com/bid/106476
Google Android NVIDIA Components CVE-2018-6241 Privilege Escalation VulnerabilityThird Party Advisory;VDB Entry
-
https://source.android.com/security/bulletin/2019-01-01
Android Security Bulletin—January 2019 | Android Open Source ProjectVendor Advisory
Jump to