CVE-2018-6241

7.8HIGH

Key Information:

Vendor: Nvidia
Status: Android
Vendor: CVE Published:; 7 January 2019

Summary

NVIDIA Tegra Gralloc module contains a vulnerability in driver in which it does not validate input parameter of the registerbuffer API, which may lead to arbitrary code execution, denial of service, or escalation of privileges. Android ID: A-62540032 Severity Rating: High Version: N/A.

Affected Version(s)

Android

References

http://www.securityfocus.com/bid/106476

vdb-entryx_refsource_BID

https://source.android.com/security/bulletin/2019-01-01

x_refsource_CONFIRM

https://nvidia.custhelp.com/app/answers/detail/a_id/4804

x_refsource_CONFIRM

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 7, 2019
Vulnerability Reserved
Jan 25, 2018

.