Login Sign Up

CVE-2018-9371

6.4 MEDIUM

📋 TL;DR

CVE-2018-9371 is a memory corruption vulnerability in MediaTek Preloader that allows arbitrary peripheral memory mapping due to insufficient access controls. This enables local privilege escalation on affected Android devices when an attacker has physical access and can interact with the device. The vulnerability affects Android devices using MediaTek chipsets.

💻 Affected Systems

Products:
  • Android devices with MediaTek chipsets
Versions: Android versions prior to June 2018 security patch
Operating Systems: Android
Default Config Vulnerable: ⚠️ Yes
Notes: Specifically affects MediaTek Preloader implementation; requires MediaTek SoC.

📦 What is this software?

Android by Google

View all CVEs affecting Android →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete device compromise allowing attacker to bypass all security controls, install persistent malware, access sensitive data, and potentially brick the device.

🟠

Likely Case

Local attacker with brief physical access could gain elevated privileges to install malicious apps, modify system settings, or access protected data.

🟢

If Mitigated

With proper physical security controls and updated firmware, risk is limited to devices that remain unpatched and accessible to malicious actors.

🌐 Internet-Facing: LOW - Requires physical access and user interaction, not remotely exploitable.
🏢 Internal Only: MEDIUM - Physical access requirement makes this primarily an insider threat or lost/stolen device concern.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires physical access and user interaction; exploitation involves memory manipulation through exposed interface.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Android June 2018 security patch and later

Vendor Advisory: https://source.android.com/security/bulletin/2018-06-01

Restart Required: Yes

Instructions:

1. Check for Android system updates in Settings > System > System update. 2. Install June 2018 or later security patch. 3. Reboot device after installation. 4. Verify patch installation in Settings > About phone > Android security patch level.

🔧 Temporary Workarounds

Physical Security Controls

all

Implement strict physical access controls to prevent unauthorized device handling

Device Encryption Enforcement

android

Ensure full device encryption is enabled to protect data if device is compromised

🧯 If You Can't Patch

  • Implement strict physical security controls and device tracking
  • Consider retiring affected devices or limiting their use to low-risk scenarios

🔍 How to Verify

Check if Vulnerable:

Check Android security patch level in Settings > About phone > Android security patch level. If date is before June 2018, device is vulnerable.

Check Version:

adb shell getprop ro.build.version.security_patch

Verify Fix Applied:

Verify Android security patch level shows June 2018 or later date.

📡 Detection & Monitoring

Log Indicators:

  • Unusual bootloader/preloader activity
  • Unexpected memory access patterns in kernel logs

Network Indicators:

  • None - local physical attack only

SIEM Query:

Not applicable - requires physical access

📊 Metadata

CVE ID: CVE-2018-9371
CVSS v3 Score: 6.4 (MEDIUM)
CVSS Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
CWE: CWE-125
Published: November 19, 2024
Last Updated: November 22, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2018-9371, you might also want to check these:

CVE-2021-41556 10.0

CVE-2021-41556 is a critical out-of-bounds read vulnerability in Squirrel scripting language that al...

Same vulnerability type (CWE-125)
CVE-2024-22004 10.0

This vulnerability allows attackers with privileged access on Linux non-secure operating systems to ...

Same vulnerability type (CWE-125)
CVE-2021-21777 10.0

CVE-2021-21777 is a critical out-of-bounds read vulnerability in the Ethernet/IP UDP handler of OpEN...

Same vulnerability type (CWE-125)