CVE-2018-11020 - OpenCVE

kernel/omap/drivers/rpmsg/rpmsg_omx.c in the kernel component in Amazon Kindle Fire HD(3rd) Fire OS 4.5.5.3 allows attackers to inject a crafted argument via the argument of an ioctl on device file /dev/rpmsg-omx1 with the command 3221772291, and cause a kernel crash.

No CVSS v3.1

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

AV:L/AC:L/Au:N/C:N/I:N/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Amazon	Kindle Fire Hd Fire Os

Configuration 1 [-]

AND

cpe:2.3:o:amazon:fire_os:4.5.5.3:*:*:*:*:*:*:*

cpe:2.3:h:amazon:kindle_fire_hd:3:*:*:*:*:*:*:*

References

Link	Resource
https://github.com/datadancer/HIAFuzz/blob/master/CVE-2018-11020.md	Exploit Third Party Advisory
https://github.com/datadancer/HIAFuzz/blob/master/CVE-Advisory.md	Exploit Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2018-10-16T22:00:00

Updated: 2018-10-16T21:57:01

Reserved: 2018-05-13T00:00:00

Link: CVE-2018-11020

JSON object: View

NVD Information

Status : Analyzed

Published: 2018-10-16T22:29:00.837

Modified: 2019-01-17T20:42:43.280

Link: CVE-2018-11020

JSON object: View

Redhat Information

No data.

CWE

CWE-88

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2018-10-12T00:00:00", "descriptions": [{"lang": "en", "value": "kernel/omap/drivers/rpmsg/rpmsg_omx.c in the kernel component in Amazon Kindle Fire HD(3rd) Fire OS 4.5.5.3 allows attackers to inject a crafted argument via the argument of an ioctl on device file /dev/rpmsg-omx1 with the command 3221772291, and cause a kernel crash."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-16T21:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://github.com/datadancer/HIAFuzz/blob/master/CVE-Advisory.md"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/datadancer/HIAFuzz/blob/master/CVE-2018-11020.md"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-11020", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "kernel/omap/drivers/rpmsg/rpmsg_omx.c in the kernel component in Amazon Kindle Fire HD(3rd) Fire OS 4.5.5.3 allows attackers to inject a crafted argument via the argument of an ioctl on device file /dev/rpmsg-omx1 with the command 3221772291, and cause a kernel crash."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://github.com/datadancer/HIAFuzz/blob/master/CVE-Advisory.md", "refsource": "MISC", "url": "https://github.com/datadancer/HIAFuzz/blob/master/CVE-Advisory.md"}, {"name": "https://github.com/datadancer/HIAFuzz/blob/master/CVE-2018-11020.md", "refsource": "MISC", "url": "https://github.com/datadancer/HIAFuzz/blob/master/CVE-2018-11020.md"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-11020", "datePublished": "2018-10-16T22:00:00", "dateReserved": "2018-05-13T00:00:00", "dateUpdated": "2018-10-16T21:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:amazon:fire_os:4.5.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "DC556E2D-3B8F-4F63-9CC4-DCECD2F518CC", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:amazon:kindle_fire_hd:3:*:*:*:*:*:*:*", "matchCriteriaId": "60474270-4FC1-4BAE-BE64-CF29E2034CE1", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "kernel/omap/drivers/rpmsg/rpmsg_omx.c in the kernel component in Amazon Kindle Fire HD(3rd) Fire OS 4.5.5.3 allows attackers to inject a crafted argument via the argument of an ioctl on device file /dev/rpmsg-omx1 with the command 3221772291, and cause a kernel crash."}, {"lang": "es", "value": "kernel/omap/drivers/rpmsg/rpmsg_omx.c en el componente kernel en Amazon Kindle Fire HD(3rd) Fire OS 4.5.5.3 permite que los atacantes inyecten un argumento manipulado mediante el argumento de una llamada ioctl en el archivo del dispositivo /dev/rpmsg-omx1 con el comando 3221772291 y provoquen el cierre inesperado del kernel."}], "id": "CVE-2018-11020", "lastModified": "2019-01-17T20:42:43.280", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 4.9, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 0.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-10-16T22:29:00.837", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/datadancer/HIAFuzz/blob/master/CVE-2018-11020.md"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/datadancer/HIAFuzz/blob/master/CVE-Advisory.md"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-88"}], "source": "nvd@nist.gov", "type": "Primary"}]}