# |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
1 |
CVE-2018-1000667 |
119 |
|
Overflow Mem. Corr. |
2018-09-06 |
2020-07-13 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
NASM nasm-2.13.03 nasm- 2.14rc15 version 2.14rc15 and earlier contains a memory corruption (crashed) of nasm when handling a crafted file due to function assemble_file(inname, depend_ptr) at asm/nasm.c:482. vulnerability in function assemble_file(inname, depend_ptr) at asm/nasm.c:482. that can result in aborting/crash nasm program. This attack appear to be exploitable via a specially crafted asm file.. |
2 |
CVE-2018-1000199 |
119 |
|
Exec Code Overflow Mem. Corr. |
2018-05-24 |
2020-08-24 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
The Linux Kernel version 3.18 contains a dangerous feature vulnerability in modify_user_hw_breakpoint() that can result in crash and possibly memory corruption. This attack appear to be exploitable via local code execution and the ability to use ptrace. This vulnerability appears to have been fixed in git commit f67b15037a7a50c57f72e69a6d59941ad90a0f0f. |
3 |
CVE-2018-1000052 |
134 |
|
DoS Mem. Corr. |
2018-02-09 |
2020-08-24 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
fmtlib version prior to version 4.1.0 (before commit 0555cea5fc0bf890afe0071a558e44625a34ba85) contains a Memory corruption (SIGSEGV), CWE-134 vulnerability in fmt::print() library function that can result in Denial of Service. This attack appear to be exploitable via Specifying an invalid format specifier in the fmt::print() function results in a SIGSEGV (memory corruption, invalid write). This vulnerability appears to have been fixed in after commit 8cf30aa2be256eba07bb1cefb998c52326e846e7. |
4 |
CVE-2018-1000050 |
119 |
|
DoS Overflow Mem. Corr. |
2018-02-09 |
2018-03-08 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Sean Barrett stb_vorbis version 1.12 and earlier contains a Buffer Overflow vulnerability in All vorbis decoding paths. that can result in memory corruption, denial of service, comprised execution of host program. This attack appear to be exploitable via Victim must open a specially crafted Ogg Vorbis file. This vulnerability appears to have been fixed in 1.13. |
5 |
CVE-2018-1000030 |
787 |
|
Overflow Mem. Corr. |
2018-02-08 |
2020-08-24 |
3.3 |
None |
Local |
Medium |
Not required |
Partial |
None |
Partial |
Python 2.7.14 is vulnerable to a Heap-Buffer-Overflow as well as a Heap-Use-After-Free. Python versions prior to 2.7.14 may also be vulnerable and it appears that Python 2.7.17 and prior may also be vulnerable however this has not been confirmed. The vulnerability lies when multiply threads are handling large amounts of data. In both cases there is essentially a race condition that occurs. For the Heap-Buffer-Overflow, Thread 2 is creating the size for a buffer, but Thread1 is already writing to the buffer without knowing how much to write. So when a large amount of data is being processed, it is very easy to cause memory corruption using a Heap-Buffer-Overflow. As for the Use-After-Free, Thread3->Malloc->Thread1->Free's->Thread2-Re-uses-Free'd Memory. The PSRT has stated that this is not a security vulnerability due to the fact that the attacker must be able to run code, however in some situations, such as function as a service, this vulnerability can potentially be used by an attacker to violate a trust boundary, as such the DWF feels this issue deserves a CVE. |
6 |
CVE-2018-19665 |
190 |
|
Mem. Corr. |
2018-12-06 |
2020-12-14 |
2.7 |
None |
Local Network |
Low |
??? |
None |
None |
Partial |
The Bluetooth subsystem in QEMU mishandles negative values for length variables, leading to memory corruption. |
7 |
CVE-2018-19150 |
119 |
|
DoS Overflow Mem. Corr. |
2018-11-10 |
2019-01-16 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Memory corruption in PDMODELProvidePDModelHFT in pdmodel.dll in pdfforge PDF Architect 6 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact because of a "Data from Faulting Address controls Code Flow" issue. |
8 |
CVE-2018-17905 |
119 |
|
Overflow Mem. Corr. |
2018-11-05 |
2019-10-09 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
When processing project files in Omron CX-Supervisor Versions 3.4.1.0 and prior and tampering with a specific byte, memory corruption may occur within a specific object. |
9 |
CVE-2018-17570 |
190 |
|
Overflow Mem. Corr. |
2018-09-26 |
2018-11-26 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
utils/ut_ws_svr.c in ViaBTC Exchange Server before 2018-08-21 has an integer overflow leading to memory corruption. |
10 |
CVE-2018-17569 |
190 |
|
Overflow Mem. Corr. |
2018-09-26 |
2018-11-26 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
network/nw_buf.c in ViaBTC Exchange Server before 2018-08-21 has an integer overflow leading to memory corruption. |
11 |
CVE-2018-17568 |
190 |
|
Overflow Mem. Corr. |
2018-09-26 |
2018-11-20 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
utils/ut_rpc.c in ViaBTC Exchange Server before 2018-08-21 has an integer overflow leading to memory corruption. |
12 |
CVE-2018-17336 |
134 |
|
DoS Mem. Corr. +Info |
2018-09-22 |
2019-08-06 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
UDisks 2.8.0 has a format string vulnerability in udisks_log in udiskslogging.c, allowing attackers to obtain sensitive information (stack contents), cause a denial of service (memory corruption), or possibly have unspecified other impact via a malformed filesystem label, as demonstrated by %d or %n substrings. |
13 |
CVE-2018-17157 |
190 |
|
Exec Code Overflow Mem. Corr. |
2018-12-04 |
2019-01-24 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
In FreeBSD before 11.2-STABLE(r340854) and 11.2-RELEASE-p5, an integer overflow error when handling opcodes can cause memory corruption by sending a specially crafted NFSv4 request. Unprivileged remote users with access to the NFS server may be able to execute arbitrary code. |
14 |
CVE-2018-16884 |
416 |
|
Mem. Corr. |
2018-12-18 |
2023-02-02 |
6.7 |
None |
Local Network |
Low |
??? |
Partial |
Partial |
Complete |
A flaw was found in the Linux kernel's NFS41+ subsystem. NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process() use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user can cause a host kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out. |
15 |
CVE-2018-16841 |
415 |
|
DoS Mem. Corr. |
2018-11-28 |
2022-08-29 |
4.0 |
None |
Remote |
Low |
??? |
None |
None |
Partial |
Samba from version 4.3.0 and before versions 4.7.12, 4.8.7 and 4.9.3 are vulnerable to a denial of service. When configured to accept smart-card authentication, Samba's KDC will call talloc_free() twice on the same memory if the principal in a validly signed certificate does not match the principal in the AS-REQ. This is only possible after authentication with a trusted certificate. talloc is robust against further corruption from a double-free with talloc_free() and directly calls abort(), terminating the KDC process. |
16 |
CVE-2018-16585 |
119 |
|
Overflow Mem. Corr. |
2018-09-06 |
2019-10-09 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
** DISPUTED ** An issue was discovered in Artifex Ghostscript before 9.24. The .setdistillerkeys PostScript command is accepted even though it is not intended for use during document processing (e.g., after the startup phase). This leads to memory corruption, allowing remote attackers able to supply crafted PostScript to crash the interpreter or possibly have unspecified other impact. Note: A reputable source believes that the CVE is potentially a duplicate of CVE-2018-15910 as explained in Red Hat bugzilla (https://bugzilla.redhat.com/show_bug.cgi?id=1626193). |
17 |
CVE-2018-15497 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2018-10-23 |
2019-01-25 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
The Mitel MiVoice 5330e VoIP device is affected by memory corruption flaws in the SIP/SDP packet handling functionality. An attacker can exploit this issue remotely, by sending a particular pattern of SIP/SDP packets, to cause a denial of service state in the affected devices and probably remote code execution. |
18 |
CVE-2018-14563 |
119 |
|
Overflow Mem. Corr. |
2018-07-23 |
2018-09-20 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
An issue was discovered in libthulac.so in THULAC through 2018-02-25. "operator delete" is used with "operator new[]" in the TaggingLearner class in include/cb_tagging_learner.h, possibly leading to memory corruption. |
19 |
CVE-2018-14551 |
787 |
|
Mem. Corr. |
2018-07-23 |
2020-08-24 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
The ReadMATImageV4 function in coders/mat.c in ImageMagick 7.0.8-7 uses an uninitialized variable, leading to memory corruption. |
20 |
CVE-2018-14379 |
704 |
|
DoS Mem. Corr. |
2018-07-18 |
2019-11-17 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
MP4Atom::factory in mp4atom.cpp in MP4v2 2.0.0 incorrectly uses the MP4ItemAtom data type in a certain case where MP4DataAtom is required, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted MP4 file, because access to the data structure has different expectations about layout as a result of this type confusion. |
21 |
CVE-2018-14326 |
190 |
|
Overflow Mem. Corr. |
2018-07-16 |
2019-11-17 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
In MP4v2 2.0.0, there is an integer overflow (with resultant memory corruption) when resizing MP4Array for the ftyp atom in mp4array.h. |
22 |
CVE-2018-14325 |
191 |
|
Mem. Corr. |
2018-07-16 |
2019-11-17 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
In MP4v2 2.0.0, there is an integer underflow (with resultant memory corruption) when parsing MP4Atom in mp4atom.cpp. |
23 |
CVE-2018-14320 |
119 |
|
Exec Code Overflow Mem. Corr. |
2018-09-17 |
2019-10-09 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of PoDoFo. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within PdfEncoding::ParseToUnicode. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-5673. |
24 |
CVE-2018-13988 |
125 |
|
DoS Mem. Corr. |
2018-07-25 |
2019-04-25 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
Poppler through 0.62 contains an out of bounds read vulnerability due to an incorrect memory access that is not mapped in its memory space, as demonstrated by pdfunite. This can result in memory corruption and denial of service. This may be exploitable when a victim opens a specially crafted PDF file. |
25 |
CVE-2018-13095 |
787 |
|
DoS Mem. Corr. |
2018-07-03 |
2020-08-24 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
An issue was discovered in fs/xfs/libxfs/xfs_inode_buf.c in the Linux kernel through 4.17.3. A denial of service (memory corruption and BUG) can occur for a corrupted xfs image upon encountering an inode that is in extent format, but has more extents than fit in the inode fork. |
26 |
CVE-2018-12889 |
787 |
|
Overflow Mem. Corr. |
2018-06-26 |
2020-08-24 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
An issue was discovered in CCN-lite 2.0.1. There is a heap-based buffer overflow in mkAddToRelayCacheRequest and in ccnl_populate_cache for an array lacking '\0' termination when reading a binary CCNx or NDN file. This can result in Heap Corruption. This was addressed by fixing the memory management in mkAddToRelayCacheRequest in ccn-lite-ctrl.c. |
27 |
CVE-2018-12811 |
119 |
|
Exec Code Overflow Mem. Corr. |
2018-08-29 |
2021-09-08 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Adobe Photoshop CC 2018 before 19.1.6 and Photoshop CC 2017 before 18.1.6 have a memory corruption vulnerability. Successful exploitation could lead to remote code execution. |
28 |
CVE-2018-12810 |
119 |
|
Exec Code Overflow Mem. Corr. |
2018-08-29 |
2021-09-08 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Adobe Photoshop CC 2018 before 19.1.6 and Photoshop CC 2017 before 18.1.6 have a memory corruption vulnerability. Successful exploitation could lead to remote code execution. |
29 |
CVE-2018-12376 |
119 |
|
Overflow Mem. Corr. |
2018-10-18 |
2018-12-06 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Memory safety bugs present in Firefox 61 and Firefox ESR 60.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 62, Firefox ESR < 60.2, and Thunderbird < 60.2.1. |
30 |
CVE-2018-12375 |
119 |
|
Overflow Mem. Corr. |
2018-10-18 |
2018-12-06 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Memory safety bugs present in Firefox 61. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 62. |
31 |
CVE-2018-12233 |
119 |
|
Overflow Mem. Corr. |
2018-06-12 |
2019-03-27 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
In the ea_get function in fs/jfs/xattr.c in the Linux kernel through 4.17.1, a memory corruption bug in JFS can be triggered by calling setxattr twice with two different extended attribute names on the same file. This vulnerability can be triggered by an unprivileged user with the ability to create files and execute programs. A kmalloc call is incorrect, leading to slab-out-of-bounds in jfs_xattr. |
32 |
CVE-2018-11919 |
787 |
|
Overflow Mem. Corr. |
2018-11-27 |
2020-08-24 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, there is a potential heap overflow and memory corruption due to improper error handling in SOC infrastructure. |
33 |
CVE-2018-11270 |
415 |
|
Mem. Corr. |
2018-09-18 |
2018-11-09 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, memory allocated with devm_kzalloc is automatically released by the kernel if the probe function fails with an error code. This may result in data corruption. |
34 |
CVE-2018-11218 |
787 |
|
Overflow Mem. Corr. |
2018-06-17 |
2021-08-04 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Memory Corruption was discovered in the cmsgpack library in the Lua subsystem in Redis before 3.2.12, 4.x before 4.0.10, and 5.x before 5.0 RC2 because of stack-based buffer overflows. |
35 |
CVE-2018-10751 |
190 |
|
Overflow Mem. Corr. |
2018-05-29 |
2018-07-20 |
5.4 |
None |
Remote |
High |
Not required |
None |
None |
Complete |
A malformed OMACP WAP push message can cause memory corruption on a Samsung S7 Edge device when processing the String Extension portion of the WbXml payload. This is due to an integer overflow in memory allocation for this string. The Samsung ID is SVE-2018-11463. |
36 |
CVE-2018-10750 |
119 |
|
Exec Code Overflow Mem. Corr. |
2018-05-04 |
2018-06-12 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An authenticated user can pass a long buffer as a 'staticGet' parameter to the '/userfs/bin/tcapi' binary (in the Diagnostics component) using the 'staticGet <node_name attr>' function and cause memory corruption. Furthermore, it is possible to redirect the flow of the program and execute arbitrary code. |
37 |
CVE-2018-10749 |
119 |
|
Exec Code Overflow Mem. Corr. |
2018-05-04 |
2018-06-12 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An authenticated user can pass a long buffer as a 'commit' parameter to the '/userfs/bin/tcapi' binary (in the Diagnostics component) using the 'commit <node_name>' function and cause memory corruption. Furthermore, it is possible to redirect the flow of the program and execute arbitrary code. |
38 |
CVE-2018-10748 |
119 |
|
Exec Code Overflow Mem. Corr. |
2018-05-04 |
2018-06-12 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An authenticated user can pass a long buffer as a 'show' parameter to the '/userfs/bin/tcapi' binary (in the Diagnostics component) using the 'show <node_name>' function and cause memory corruption. Furthermore, it is possible to redirect the flow of the program and execute arbitrary code. |
39 |
CVE-2018-10747 |
119 |
|
Exec Code Overflow Mem. Corr. |
2018-05-04 |
2018-06-12 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An authenticated user can pass a long buffer as an 'unset' parameter to the '/userfs/bin/tcapi' binary (in the Diagnostics component) using the 'unset <node_name>' function and cause memory corruption. Furthermore, it is possible to redirect the flow of the program and execute arbitrary code. |
40 |
CVE-2018-10746 |
119 |
|
Exec Code Overflow Mem. Corr. |
2018-05-04 |
2018-06-12 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An authenticated user can pass a long buffer as a 'get' parameter to the '/userfs/bin/tcapi' binary (in the Diagnostics component) using the 'get <node_name attr>' function and cause memory corruption. Furthermore, it is possible to redirect the flow of the program and execute arbitrary code. |
41 |
CVE-2018-10713 |
119 |
|
Exec Code Overflow Mem. Corr. |
2018-05-03 |
2018-06-12 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An authenticated user can pass a long buffer as a 'read' parameter to the '/userfs/bin/tcapi' binary (in the Diagnostics component) using the 'read <node_name>' function and cause memory corruption. Furthermore, it is possible to redirect the flow of the program and execute arbitrary code. |
42 |
CVE-2018-10664 |
119 |
|
Overflow Mem. Corr. |
2018-06-26 |
2018-08-20 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
An issue was discovered in the httpd process in multiple models of Axis IP Cameras. There is Memory Corruption. |
43 |
CVE-2018-10659 |
119 |
|
DoS Overflow Mem. Corr. |
2018-06-26 |
2018-08-20 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
There was a Memory Corruption issue discovered in multiple models of Axis IP Cameras which allows remote attackers to cause a denial of service (crash) by sending a crafted command which will result in a code path that calls the UND undefined ARM instruction. |
44 |
CVE-2018-10658 |
119 |
|
DoS Overflow Mem. Corr. |
2018-06-26 |
2018-08-20 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
There was a Memory Corruption issue discovered in multiple models of Axis IP Cameras which causes a denial of service (crash). The crash arises from code inside libdbus-send.so shared object or similar. |
45 |
CVE-2018-9838 |
190 |
|
DoS Exec Code Overflow Mem. Corr. |
2018-04-06 |
2020-07-27 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
The caml_ba_deserialize function in byterun/bigarray.c in the standard library in OCaml 4.06.0 has an integer overflow which, in situations where marshalled data is accepted from an untrusted source, allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted object. |
46 |
CVE-2018-9568 |
704 |
|
Mem. Corr. |
2018-12-06 |
2020-10-15 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
In sk_clone_lock of sock.c, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-113509306. References: Upstream kernel. |
47 |
CVE-2018-9517 |
416 |
|
Mem. Corr. |
2018-12-07 |
2019-04-03 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
In pppol2tp_connect, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-38159931. |
48 |
CVE-2018-9515 |
119 |
|
Overflow Mem. Corr. |
2018-10-02 |
2019-10-03 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
In sdcardfs_create and sdcardfs_mkdir of inode.c, there is a possible memory corruption due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-111641492 References: N/A |
49 |
CVE-2018-9513 |
415 |
|
Mem. Corr. |
2018-10-02 |
2018-11-20 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
In copy_process of fork.c, there is possible memory corruption due to a double free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-111081202 References: N/A |
50 |
CVE-2018-9465 |
416 |
|
Mem. Corr. |
2018-11-06 |
2018-12-12 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
In task_get_unused_fd_flags of binder.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-69164715 References: Upstream kernel. |