CVE-2018-9369
https://notcve.org/view.php?id=CVE-2018-9369
In bootloader there is fastboot command allowing user specified kernel command line arguments. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. • https://source.android.com/security/bulletin/2018-06-01 • CWE-276: Incorrect Default Permissions •
CVE-2018-9368
https://notcve.org/view.php?id=CVE-2018-9368
In mtkscoaudio debugfs there is a possible arbitrary kernel memory write due to missing bounds check and weakened SELinux policies. This could lead to local escalation of privilege with system execution privileges needed. User interaction is not needed for exploitation. • https://source.android.com/security/bulletin/2018-06-01 • CWE-787: Out-of-bounds Write •
CVE-2018-9367
https://notcve.org/view.php?id=CVE-2018-9367
In FT_ACDK_CCT_V2_OP_ISP_SET_TUNING_PARAS of Meta_CCAP_Para.cpp, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. • https://source.android.com/security/bulletin/2018-06-01 • CWE-787: Out-of-bounds Write •
CVE-2018-9366
https://notcve.org/view.php?id=CVE-2018-9366
In IMSA_Recv_Thread and VT_IMCB_Thread of ImsaClient.cpp and VideoTelephony.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. • https://source.android.com/security/bulletin/2018-06-01 • CWE-787: Out-of-bounds Write •
CVE-2024-11395
https://notcve.org/view.php?id=CVE-2024-11395
Type Confusion in V8 in Google Chrome prior to 131.0.6778.85 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) • https://chromereleases.googleblog.com/2024/11/stable-channel-update-for-desktop_19.html https://issues.chromium.org/issues/377384894 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •