CVE-2018-9392

CVSS 3.1 Score 6.7 of 10 (medium)

Details

Published Dec 4, 2024
Updated: Dec 19, 2024
CWE ID 787

Summary

CVE-2018-9392 is a vulnerability affecting the data_coder.c file in the GPS HAL source code of MediaTek's proprietary hardware connectivity software. The issue involves a missing bounds check in the get_binary function, which could allow an attacker to perform a out-of-bounds write operation. Successful exploitation of this vulnerability could result in local privilege escalation and the execution of arbitrary system commands, making it a significant security risk. User interaction is not required for an attacker to exploit this vulnerability.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share