CVE-2018-9371

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Nov 19, 2024
Updated: Nov 20, 2024
CWE ID 125
CWE ID 787

Summary

CVE-2018-9371 is a vulnerability affecting the Mediatek Preloader. This issue stems from an exposed interface that permits arbitrary peripheral memory mapping, with insufficient blacklisting and whitelisting. Consequently, attackers can perform out-of-bounds reads and writes, leading to local privilege escalation. However, it's important to note that physical access to the device is required for exploitation, and no additional execution privileges are necessary for the attack to succeed. User interaction also plays a role in the exploitation process.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share