CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-9367
https://notcve.org/view.php?id=CVE-2018-9367
In FT_ACDK_CCT_V2_OP_ISP_SET_TUNING_PARAS of Meta_CCAP_Para.cpp, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. • https://source.android.com/security/bulletin/2018-06-01 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-9366
https://notcve.org/view.php?id=CVE-2018-9366
In IMSA_Recv_Thread and VT_IMCB_Thread of ImsaClient.cpp and VideoTelephony.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. • https://source.android.com/security/bulletin/2018-06-01 • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-9364
https://notcve.org/view.php?id=CVE-2018-9364
In the LG LAF component, there is a special command that allowed modification of certain partitions. This could lead to bypass of secure boot. User interaction is not needed for exploitation. • https://source.android.com/security/bulletin/2018-06-01 • CWE-203: Observable Discrepancy •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2018-9348
https://notcve.org/view.php?id=CVE-2018-9348
In SMF_ParseMetaEvent of eas_smf.c, there is a possible integer overflow. This could lead to remote denial of service due to resource exhaustion with no additional execution privileges needed. User interaction is needed for exploitation. • https://source.android.com/security/bulletin/2018-06-01 • CWE-190: Integer Overflow or Wraparound •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2018-9346
https://notcve.org/view.php?id=CVE-2018-9346
In BnAudioPolicyService::onTransact of AudioPolicyService.cpp, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. • https://source.android.com/security/bulletin/2018-06-01 • CWE-908: Use of Uninitialized Resource •