An out of bounds write has been found in the audioTransportToHal() function of HidlUtils.cpp. By sending a large audio chunk (at least 10MB) in a very short duration (100ms or less), it is possible to achieve a high amount of CPU consumption with a potential out of bounds write. A remote attacker could leverage this issue to execute code with elevated privileges. User interaction is required in order to exploit this issue.An out of bounds write has been found in the audioTransportToHal() function of HredlUtils.cpp. By sending a large audio chunk (at least 10MB) in a very short duration (100ms or less), it is possible to achieve a high amount of CPU consumption with a potential out of bounds write. A remote attacker could leverage this issue to execute code with elevated privileges.
CVE-2018-0358 An integer overflow condition exists in the Skia library due to improper validation of user-input length values. A remote attacker could leverage this vulnerability to execute code with elevated privileges. User interaction is required in order to exploit this vulnerability. An integer overflow condition exists in the Skia library due to improper validation of user-input length values. A remote attacker could leverage this vulnerability to execute code with elevated privileges. User interaction is required in order to exploit this vulnerability. CVE-2018-0359 A possible out-of-bounds read exists in the skia library due to a failure
References a
F ile: https://bugs.chromium.org/p/project-zero/issues/detail?id=2022
Vendor: Google
Product: Android
Affected version: 7.1.1
Fixed version: Not available
Details: An out of bounds write has been found in the audioTransportToHal() function of HidlUtils.cpp. By sending a large audio chunk (at least 10MB) in a very short duration (100ms or less), it is possible to achieve a high amount of CPU consumption with a potential out of bounds write. A remote attacker could leverage this issue to execute code with elevated privileges. User interaction is required in order to exploit this issue.An out of bounds write has been found in the audioTransportToHal() function of HredlUtils.cpp. By sending a large audio chunk (at least 10MB) in a very short duration (100ms or less), it is possible to achieve a high amount of CPU consumption with a potential out of bounds write. A remote attacker could leverage this issue to execute code with elevated privileges.
Timeline
Published on: 10/11/2022 20:15:00 UTC
Last modified on: 10/13/2022 02:45:00 UTC