CVE-2018-18318 — HIGH (7.5)

Vulnerability Description

The /dev/block/mmcblk0rpmb driver kernel module on Qiku 360 Phone N6 Pro 1801-A01 devices allows attackers to cause a denial of service (NULL pointer dereference and device crash) via a crafted 0xc0d8b300 ioctl call.

CVSS Score

7.5

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Qiku	360 Mobile Phone N6 Pro Firmware	v096
Qiku	360 Mobile Phone N6 Pro	-

Related Weaknesses (CWE)

CWE-476

References

https://github.com/datadancer/HIAFuzz/blob/master/360%20Phone%20N6%20Pro%20KerneExploitThird Party Advisory
https://github.com/datadancer/HIAFuzz/blob/master/360%20Phone%20N6%20Pro%20KerneExploitThird Party Advisory

FAQ

What is CVE-2018-18318?

CVE-2018-18318 is a vulnerability with a CVSS score of 7.5 (HIGH). The /dev/block/mmcblk0rpmb driver kernel module on Qiku 360 Phone N6 Pro 1801-A01 devices allows attackers to cause a denial of service (NULL pointer dereference and device crash) via a crafted 0xc0d8...

How severe is CVE-2018-18318?

CVE-2018-18318 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2018-18318?

Check the references section above for vendor advisories and patch information. Affected products include: Qiku 360 Mobile Phone N6 Pro Firmware, Qiku 360 Mobile Phone N6 Pro.