CVE-2018-9391

In update_gps_sv and output_vzw_debug of
    vendor/mediatek/proprietary/hardware/connectivity/gps/gps_hal/src/gpshal_wor
    ker.c, there is a possible out of bounds write due to a missing bounds
    check. This could lead to local escalation of privilege with System
    execution privileges needed. User interaction is not needed for
    exploitation.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.7 MEDIUM
LOCAL
LOW
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
google_androidCNA
---
---
CISA-ADPADP
6.7 MEDIUM
LOCAL
LOW
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 5%
VendorProductVersion
googleandroid
-
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://source.android.com/security/bulletin/pixel/2018-06-01