{"api_version":"1","generated_at":"2026-06-28T01:37:59+00:00","cve":"CVE-2018-6271","urls":{"html":"https://cve.report/CVE-2018-6271","api":"https://cve.report/api/cve/CVE-2018-6271.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2018-6271","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2018-6271"},"summary":{"title":"CVE-2018-6271","description":"NVIDIA Tegra OpenMax driver (libnvomx) contains a vulnerability in which the software delivers extra data with the buffer and does not properly validated the extra data, which may lead to denial of service or escalation of privileges. Android ID: A-80198474.","state":"PUBLIC","assigner":"psirt@nvidia.com","published_at":"2019-02-13 22:29:00","updated_at":"2019-10-03 00:03:00"},"problem_types":["CWE-119"],"metrics":[],"references":[{"url":"https://nvidia.custhelp.com/app/answers/detail/a_id/4787","name":"https://nvidia.custhelp.com/app/answers/detail/a_id/4787","refsource":"CONFIRM","tags":[],"title":"Security Bulletin: NVIDIA Jetson TX1 and TX2 L4T - April 2019 | NVIDIA","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/106846","name":"106846","refsource":"BID","tags":["Third Party Advisory","VDB Entry"],"title":"Google Android NVIDIA Components Multiple Security Vulnerabilities","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://nvidia.custhelp.com/app/answers/detail/a_id/4910","name":"https://nvidia.custhelp.com/app/answers/detail/a_id/4910","refsource":"CONFIRM","tags":[],"title":"Security Bulletin: Jetson AGX Xavier, TK1, TX1, TX2, and Nano L4T- December 2019 | NVIDIA","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://source.android.com/security/bulletin/2019-02-01","name":"https://source.android.com/security/bulletin/2019-02-01","refsource":"CONFIRM","tags":["Vendor Advisory"],"title":"Android Security Bulletin — February 2019  |  Android Open Source Project","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2018-6271","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-6271","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2018","cve_id":"6271","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"google","cpe5":"android","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"6271","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"google","cpe5":"android","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"psirt@nvidia.com","DATE_PUBLIC":"2019-02-04T00:00:00","ID":"CVE-2018-6271","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"Android","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"Nvidia Corporation"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"NVIDIA Tegra OpenMax driver (libnvomx) contains a vulnerability in which the software delivers extra data with the buffer and does not properly validated the extra data, which may lead to denial of service or escalation of privileges. Android ID: A-80198474."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Denial of Service, Escalation of Privileges"}]}]},"references":{"reference_data":[{"name":"106846","refsource":"BID","url":"http://www.securityfocus.com/bid/106846"},{"name":"https://source.android.com/security/bulletin/2019-02-01","refsource":"CONFIRM","url":"https://source.android.com/security/bulletin/2019-02-01"},{"refsource":"CONFIRM","name":"https://nvidia.custhelp.com/app/answers/detail/a_id/4787","url":"https://nvidia.custhelp.com/app/answers/detail/a_id/4787"},{"refsource":"CONFIRM","name":"https://nvidia.custhelp.com/app/answers/detail/a_id/4910","url":"https://nvidia.custhelp.com/app/answers/detail/a_id/4910"}]}},"nvd":{"publishedDate":"2019-02-13 22:29:00","lastModifiedDate":"2019-10-03 00:03:00","problem_types":["CWE-119"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":7.8,"baseSeverity":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:C/I:C/A:C","accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE","baseScore":9.3},"severity":"HIGH","exploitabilityScore":8.6,"impactScore":10,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:google:android:-:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2018","CveId":"6271","Ordinal":"122328","Title":"CVE-2018-6271","CVE":"CVE-2018-6271","Year":"2018"},"notes":[{"CveYear":"2018","CveId":"6271","Ordinal":"1","NoteData":"NVIDIA Tegra OpenMax driver (libnvomx) contains a vulnerability in which the software delivers extra data with the buffer and does not properly validated the extra data, which may lead to denial of service or escalation of privileges. Android ID: A-80198474.","Type":"Description","Title":null},{"CveYear":"2018","CveId":"6271","Ordinal":"2","NoteData":"2019-02-13","Type":"Other","Title":"Published"},{"CveYear":"2018","CveId":"6271","Ordinal":"3","NoteData":"2019-12-05","Type":"Other","Title":"Modified"}]}}}