CVE-2018-6241

EUVD-2018-18002
NVIDIA Tegra Gralloc module contains a vulnerability in driver in which it does not validate input parameter of the registerbuffer API, which may lead to arbitrary code execution, denial of service, or escalation of privileges. Android ID: A-62540032 Severity Rating: High Version: N/A.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 8%
Affected Products (NVD)
VendorProductVersion
googleandroid
-
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/106476
https://nvidia.custhelp.com/app/answers/detail/a_id/4804
https://source.android.com/security/bulletin/2019-01-01
http://www.securityfocus.com/bid/106476
https://nvidia.custhelp.com/app/answers/detail/a_id/4804
https://source.android.com/security/bulletin/2019-01-01