Details of VAR-202412-1816

ID

VAR-202412-1816

CVE

CVE-2018-9399

TITLE

Google of Android Out-of-bounds write vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2018-016819

DESCRIPTION

In /proc/driver/wmt_dbg driver, there are several possible out of bounds writes. These could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Google of Android Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Google Pixel is a smartphone produced by Google Inc. There is a security vulnerability in Google Pixel, which is caused by multiple possible out-of-bounds writes in the /proc/driver/wmt_dbg driver. No detailed vulnerability details are provided at this time

Trust: 2.16

sources: NVD: CVE-2018-9399 // JVNDB: JVNDB-2018-016819 // CNVD: CNVD-2025-01683

IOT TAXONOMY

category:

['IoT']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2025-01683

AFFECTED PRODUCTS

vendor:	google	model:	android	scope:	eq	version:	-	Trust: 1.8
vendor:	google	model:	android	scope:	-	version:	-	Trust: 1.4

sources: CNVD: CNVD-2025-01683 // JVNDB: JVNDB-2018-016819 // NVD: CVE-2018-9399

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-9399
value:	MEDIUM
Trust: 1.0
134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2018-9399
value:	HIGH
Trust: 1.0
NVD:	CVE-2018-9399
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2025-01683
value:	MEDIUM
Trust: 0.6

CNVD:	CNVD-2025-01683
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:L/AC:L/AU:S/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.1
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2018-9399
baseSeverity:	MEDIUM
baseScore:	6.7
vectorString:	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	0.8
impactScore:	5.9
version:	3.1
Trust: 1.0
134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2018-9399
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2018-9399
baseSeverity:	MEDIUM
baseScore:	6.7
vectorString:	CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2025-01683 // JVNDB: JVNDB-2018-016819 // NVD: CVE-2018-9399 // NVD: CVE-2018-9399

PROBLEMTYPE DATA

problemtype:	CWE-787	Trust: 1.0
problemtype:	Out-of-bounds writing (CWE-787) [NVD evaluation ]	Trust: 0.8
problemtype:	Out-of-bounds writing (CWE-787) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2018-016819 // NVD: CVE-2018-9399

PATCH

title:

Patch for Google Pixel has an unspecified vulnerability (CNVD-2025-01683)

url:

https://www.cnvd.org.cn/patchInfo/show/651621

Trust: 0.6

sources: CNVD: CNVD-2025-01683

EXTERNAL IDS

db:	NVD	id:	CVE-2018-9399	Trust: 3.2
db:	JVNDB	id:	JVNDB-2018-016819	Trust: 0.8
db:	CNVD	id:	CNVD-2025-01683	Trust: 0.6

sources: CNVD: CNVD-2025-01683 // JVNDB: JVNDB-2018-016819 // NVD: CVE-2018-9399

REFERENCES

url:	https://source.android.com/security/bulletin/pixel/2018-06-01	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-9399	Trust: 1.4

sources: CNVD: CNVD-2025-01683 // JVNDB: JVNDB-2018-016819 // NVD: CVE-2018-9399

SOURCES

db:	CNVD	id:	CNVD-2025-01683
db:	JVNDB	id:	JVNDB-2018-016819
db:	NVD	id:	CVE-2018-9399

LAST UPDATE DATE

2025-01-19T23:20:28.577000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2025-01683	date:	2025-01-17T00:00:00
db:	JVNDB	id:	JVNDB-2018-016819	date:	2024-12-20T06:33:00
db:	NVD	id:	CVE-2018-9399	date:	2024-12-19T17:08:15.067

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2025-01683	date:	2025-01-15T00:00:00
db:	JVNDB	id:	JVNDB-2018-016819	date:	2024-12-20T00:00:00
db:	NVD	id:	CVE-2018-9399	date:	2024-12-05T00:15:17.477