Vulnerabilities > CVE-2018-18318 - NULL Pointer Dereference vulnerability in Qiku 360 Mobile Phone N6 PRO Firmware V096

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

qiku

CWE-476

NVD

Published: 2018-10-15

Updated: 2019-01-23

Summary

The /dev/block/mmcblk0rpmb driver kernel module on Qiku 360 Phone N6 Pro 1801-A01 devices allows attackers to cause a denial of service (NULL pointer dereference and device crash) via a crafted 0xc0d8b300 ioctl call.

Vulnerable Configurations

Part	Description	Count
OS	Qiku Qiku 360 Mobile Phone N6 PRO Firmware V096	1
Hardware	Qiku Qiku 360 Mobile Phone N6 PRO -	1

Common Weakness Enumeration (CWE)

CWE-476 - NULL Pointer Dereference

References

https://github.com/datadancer/HIAFuzz/blob/master/360%20Phone%20N6%20Pro%20Kernel%20Vuln.md