Possible Out of Bounds Write in sw49408 IRQ Runtime Engine Could Lead to Local Escalation of Privilege
CVE-2018-9463
6.7MEDIUM
What is CVE-2018-9463?
The vulnerability in the touch_sw49408.c file of the Android touch software is caused by an improper bounds check within the sw49408_irq_runtime_engine_debug function. This flaw allows for a possible out of bounds write, which may lead to local privilege escalation. While user interaction is not required for the exploitation of this vulnerability, successful exploitation necessitates the attainment of system execution privileges, raising significant security concerns for Android devices that utilize this touch driver.
Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
Affected Version(s)
Android Kernel
References
CVSS V3.1
Score:
6.7
Severity:
MEDIUM
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published