CVE-2018-9392
CVSS 3.1 Score 6.7 of 10 (medium)
Details
Published Dec 4, 2024
Updated: Dec 19, 2024
CWE ID 787
Summary
CVE-2018-9392 is a vulnerability affecting the data_coder.c file in the GPS HAL source code of MediaTek's proprietary hardware connectivity software. The issue involves a missing bounds check in the get_binary function, which could allow an attacker to perform a out-of-bounds write operation. Successful exploitation of this vulnerability could result in local privilege escalation and the execution of arbitrary system commands, making it a significant security risk. User interaction is not required for an attacker to exploit this vulnerability.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share
Affected Products
- Android