{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2018-9368","assignerOrgId":"baff130e-b8d5-4e15-b3d3-c3cf5d5545c6","state":"PUBLISHED","assignerShortName":"google_android","dateReserved":"2018-04-05T00:00:00.000Z","datePublished":"2024-11-19T19:16:25.726Z","dateUpdated":"2024-11-21T15:28:10.145Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"Android","vendor":"Google","versions":[{"status":"affected","version":"SoCVersion"}]}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"<span style=\"background-color: rgb(255, 255, 255);\">In mtkscoaudio debugfs there is a possible arbitrary kernel memory write due to missing bounds check and weakened SELinux policies. This could lead to local escalation of privilege with system &nbsp;execution privileges needed. User interaction is not needed for exploitation.</span><br>"}],"value":"In mtkscoaudio debugfs there is a possible arbitrary kernel memory write due to missing bounds check and weakened SELinux policies. This could lead to local escalation of privilege with system  execution privileges needed. User interaction is not needed for exploitation."}],"providerMetadata":{"orgId":"baff130e-b8d5-4e15-b3d3-c3cf5d5545c6","shortName":"google_android","dateUpdated":"2024-11-19T19:16:25.726Z"},"references":[{"url":"https://source.android.com/security/bulletin/2018-06-01"}],"source":{"discovery":"UNKNOWN"},"x_generator":{"engine":"Vulnogram 0.2.0"}},"adp":[{"problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-787","lang":"en","description":"CWE-787 Out-of-bounds Write"}]}],"affected":[{"vendor":"google","product":"android","cpes":["cpe:2.3:o:google:android:-:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"SoCVersion","status":"affected"}]}],"metrics":[{"cvssV3_1":{"scope":"UNCHANGED","version":"3.1","baseScore":6.7,"attackVector":"LOCAL","baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","integrityImpact":"HIGH","userInteraction":"NONE","attackComplexity":"LOW","availabilityImpact":"HIGH","privilegesRequired":"HIGH","confidentialityImpact":"HIGH"}},{"other":{"type":"ssvc","content":{"timestamp":"2024-11-21T15:25:14.347252Z","id":"CVE-2018-9368","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-11-21T15:28:10.145Z"}}]}}