CVE-2018-9371
CVE-2018-9371
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 7.8EPSS 0.1%KEV nãoPoC —Nuclei —Metasploit —Patch —
Lifecycle
19 Nov 2024Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
In the Mediatek Preloader, there are out of bounds reads and writes due to an exposed interface that allows arbitrary peripheral memory mapping with insufficient blacklisting/whitelisting. This could lead to local elevation of privilege, given physical access to the device with no additional execution privileges needed. User interaction is needed for exploitation.
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected products
Google · Android