{"api_version":"1","generated_at":"2026-05-06T17:27:11+00:00","cve":"CVE-2018-6241","urls":{"html":"https://cve.report/CVE-2018-6241","api":"https://cve.report/api/cve/CVE-2018-6241.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2018-6241","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2018-6241"},"summary":{"title":"CVE-2018-6241","description":"NVIDIA Tegra Gralloc module contains a vulnerability in driver in which it does not validate input parameter of the registerbuffer API, which may lead to arbitrary code execution, denial of service, or escalation of privileges. Android ID: A-62540032 Severity Rating: High Version: N/A.","state":"PUBLIC","assigner":"psirt@nvidia.com","published_at":"2019-01-31 20:29:00","updated_at":"2019-10-03 00:03:00"},"problem_types":["CWE-20"],"metrics":[],"references":[{"url":"https://nvidia.custhelp.com/app/answers/detail/a_id/4804","name":"https://nvidia.custhelp.com/app/answers/detail/a_id/4804","refsource":"CONFIRM","tags":[],"title":"Security Bulletin: NVIDIA SHIELD TV - August 2019 | NVIDIA","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://source.android.com/security/bulletin/2019-01-01","name":"https://source.android.com/security/bulletin/2019-01-01","refsource":"CONFIRM","tags":["Vendor Advisory"],"title":"Android Security Bulletin—January 2019  |  Android Open Source Project","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/106476","name":"106476","refsource":"BID","tags":["Third Party Advisory","VDB Entry"],"title":"Google Android NVIDIA Components CVE-2018-6241 Privilege Escalation Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2018-6241","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-6241","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2018","cve_id":"6241","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"google","cpe5":"android","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"6241","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"google","cpe5":"android","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"psirt@nvidia.com","DATE_PUBLIC":"2019-01-07T00:00:00","ID":"CVE-2018-6241","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"Android","version":{"version_data":[{"version_value":"N/A"}]}}]},"vendor_name":"Nvidia Corporation"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"NVIDIA Tegra Gralloc module contains a vulnerability in driver in which it does not validate input parameter of the registerbuffer API, which may lead to arbitrary code execution, denial of service, or escalation of privileges. Android ID: A-62540032 Severity Rating: High Version: N/A."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Escalation of privileges"}]}]},"references":{"reference_data":[{"name":"106476","refsource":"BID","url":"http://www.securityfocus.com/bid/106476"},{"name":"https://source.android.com/security/bulletin/2019-01-01","refsource":"CONFIRM","url":"https://source.android.com/security/bulletin/2019-01-01"},{"refsource":"CONFIRM","name":"https://nvidia.custhelp.com/app/answers/detail/a_id/4804","url":"https://nvidia.custhelp.com/app/answers/detail/a_id/4804"}]}},"nvd":{"publishedDate":"2019-01-31 20:29:00","lastModifiedDate":"2019-10-03 00:03:00","problem_types":["CWE-20"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":7.8,"baseSeverity":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:C/I:C/A:C","accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE","baseScore":7.2},"severity":"HIGH","exploitabilityScore":3.9,"impactScore":10,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:google:android:-:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2018","CveId":"6241","Ordinal":"122298","Title":"CVE-2018-6241","CVE":"CVE-2018-6241","Year":"2018"},"notes":[{"CveYear":"2018","CveId":"6241","Ordinal":"1","NoteData":"NVIDIA Tegra Gralloc module contains a vulnerability in driver in which it does not validate input parameter of the registerbuffer API, which may lead to arbitrary code execution, denial of service, or escalation of privileges. Android ID: A-62540032 Severity Rating: High Version: N/A.","Type":"Description","Title":null},{"CveYear":"2018","CveId":"6241","Ordinal":"2","NoteData":"2019-01-31","Type":"Other","Title":"Published"},{"CveYear":"2018","CveId":"6241","Ordinal":"3","NoteData":"2019-08-02","Type":"Other","Title":"Modified"}]}}}