Input Validation Flaw in NVIDIA Tegra Gralloc Driver Affecting Android Devices
CVE-2018-6241

7.8HIGH

Key Information:

Vendor: Nvidia
Status: Android
Vendor: CVE Published:; 7 January 2019

What is CVE-2018-6241?

A flaw in the NVIDIA Tegra Gralloc module allows for improper validation of input parameters in the registerbuffer API. This loophole can potentially lead to arbitrary code execution, denial of service, or privilege escalation. The vulnerability highlights the importance of securing driver code against unvalidated inputs to prevent exploitation.

Affected Version(s)

Android

References

http://www.securityfocus.com/bid/106476

vdb-entryx_refsource_BID

https://source.android.com/security/bulletin/2019-01-01

x_refsource_CONFIRM

https://nvidia.custhelp.com/app/answers/detail/a_id/4804

x_refsource_CONFIRM

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 7, 2019
Vulnerability Reserved
Jan 25, 2018

Nvidia

What is CVE-2018-6241?

Affected Version(s)

References

CVSS V3.1

Timeline