In sg_remove_scat of scsi/sg.c, there is a possible memory corruption due to an unusual root cause. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
A vulnerability classified as CWE-787 (out-of-bounds write) occurs in the sg_remove_scat function handling the SCSI generic (sg) driver in the Android kernel. Improper operation on scatter-gather memory structures can result in data being written outside the intended memory area (out-of-bounds write). Exploitation of this vulnerability requires System-level execution privileges, but does not require any user interaction.
An attacker with System privileges can cause kernel memory corruption and achieve local privilege escalation on an Android device.
Apply patches available from the vendor according to the references — Pixel security bulletin dated 2018-07-01 (https://source.android.com/security/bulletin/pixel/2018-07-01)
Google Android — versions indicated in the vendor's references (Pixel security bulletin, July 2018)
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XGoogle Android
OSGooglewszystkie wersje
Related vulnerabilities
Heap buffer overflow in UI in Google Chrome on Android prior to 86.0.4240.185 allowed a remote attacker who ha...
Adobe Flash Player 21.0.0.197 and earlier allows remote attackers to cause a denial of service (application cr...
Insufficient validation of untrusted input in WebAppInstalls in Google Chrome on Android prior to 150.0.7871.4...
Insufficient validation of untrusted input in WebAppInstalls in Google Chrome on Android prior to 150.0.7871.4...
Insufficient validation of untrusted input in Text in Google Chrome on Android prior to 150.0.7871.47 allowed ...