Published: 06/11/2018 Updated: 19/01/2023

CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9

CVSS v3 Base Score: 8.4 | Impact Score: 5.9 | Exploitability Score: 2.5

VMScore: 642

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

In the hidp_process_report in bluetooth, there is an integer overflow. This could lead to an out of bounds write with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-65853588 References: Upstream kernel.

Vulnerable Product	Search on Vulmon	Subscribe to Product
google android -
canonical ubuntu linux 12.04
canonical ubuntu linux 16.04
canonical ubuntu linux 14.04
canonical ubuntu linux 18.04
debian debian linux 8.0
debian debian linux 9.0
linux linux kernel

Synopsis Important: kernel-rt security and bug fix update Type/Severity Security Advisory: Important Topic An update for kernel-rt is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (C ...

Synopsis Important: kernel security, bug fix, and enhancement update Type/Severity Security Advisory: Important Topic An update for kernel is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring S ...

Synopsis Important: kernel-alt security, bug fix, and enhancement update Type/Severity Security Advisory: Important Topic An update for kernel-alt is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability S ...

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks CVE-2018-6554 A memory leak in the irda_bind function in the irda subsystem was discovered A local user can take advantage of this flaw to cause a denial of service (memory consumption) CVE ...

Several security issues were fixed in the Linux kernel ...

It was found that paravirt_patch_call/jump() functions in the arch/x86/kernel/paravirtc in the Linux kernel mishandles certain indirect calls, which makes it easier for attackers to conduct Spectre-v2 attacks against paravirtualized guests(CVE-2018-15594) A buffer overflow due to a singed-unsigned comparsion was found in hidp_process_report() in ...

NOTE: This ALAS is a duplicate of ALAS2-2019-1280 The CVEs listed here are fixed in the referenced ALAS ...

A buffer overflow due to a singed-unsigned comparsion was found in hidp_process_report() in the net/bluetooth/hidp/corec in the Linux kernel The buffer length is an unsigned int but gets cast to a signed int which in certain conditions can lead to a system panic and a denial-of-service (CVE-2018-9363) It was found that paravirt_patch_call/jump() ...

livepatch overlay

Livepatch overlay Open standard for livepatch patches management for compatibility on different vendors Why We have differents livepatch services, each one with their own way of storing the livepatch patches This repository is trying to fix this by creating a open standard for storing and sharing livepatch patches in a reusable way This can be optimized, giving the freedom t

livepatch overlay

Get Started

CVE-2018-9363

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Github Repositories

References

Vulmon Search

About

Products

Connect