Vulnerability CVE-2018-18318


Published: 2018-10-15

Description:
The /dev/block/mmcblk0rpmb driver kernel module on Qiku 360 Phone N6 Pro 1801-A01 devices allows attackers to cause a denial of service (NULL pointer dereference and device crash) via a crafted 0xc0d8b300 ioctl call.

Type:

CWE-476

(NULL Pointer Dereference)

CVSS2 => (AV:N/AC:L/Au:N/C:N/I:N/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.8/10
6.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
None
None
Complete
Affected software
QIKU -> 360 mobile phone n6 pro firmware 

 References:
https://github.com/datadancer/HIAFuzz/blob/master/360%20Phone%20N6%20Pro%20Kernel%20Vuln.md

Copyright 2024, cxsecurity.com

 

Back to Top