Kernel Vulnerability in Amazon Kindle Fire HD by Amazon
CVE-2018-11023

7.5HIGH

Key Information:

Vendor: Amazon
Status: Fire Os
Vendor: CVE Published:; 16 October 2018

What is CVE-2018-11023?

A security issue exists within the kernel component of the Amazon Kindle Fire HD (3rd generation) running Fire OS 4.5.5.3. This vulnerability allows attackers to manipulate ioctl arguments on device /dev/gcioctl, leading to a potential kernel crash. By issuing a crafted command, an attacker can exploit this flaw, ultimately compromising the stability of the device. Awareness and timely updates are essential to mitigate the risks associated with this vulnerability.

References

https://github.com/datadancer/HIAFuzz/blob/master/CVEs.md

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 16, 2018
Vulnerability Reserved
May 13, 2018