CVE-2018-9388

9.8 CRITICAL

📋 TL;DR

CVE-2018-9388 is a critical memory corruption vulnerability in STMicroelectronics touchscreen drivers for Android devices. It allows attackers to execute arbitrary code with kernel privileges through out-of-bounds writes, potentially leading to full device compromise. This primarily affects Android devices using STM touchscreen controllers.

💻 Affected Systems

Products:
  • Android devices with STMicroelectronics FTS/FTM4 touchscreen controllers
Versions: Android versions prior to the 2018-06-05 security patch level
Operating Systems: Android
Default Config Vulnerable: ⚠️ Yes
Notes: Primarily affected Google Pixel devices and other Android phones using STM touchscreen hardware. Requires the touchscreen driver to be loaded.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete device takeover with kernel-level privileges, allowing installation of persistent malware, data theft, and bypassing all security controls.

🟠 Likely Case: Local privilege escalation from a compromised app to kernel-level access, enabling further system compromise and persistence.

🟢 If Mitigated: Limited impact if SELinux policies restrict driver access and devices are not rooted or running untrusted apps.

🌐 Internet-Facing: LOW - Requires local access or app execution; not directly exploitable over network.
🏢 Internal Only: MEDIUM - Malicious apps could exploit this if installed, but requires local code execution.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires local code execution through a malicious app. Multiple proof-of-concepts exist demonstrating privilege escalation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Android security patch level 2018-06-05 or later

Vendor Advisory: https://source.android.com/security/bulletin/pixel/2018-06-01

Restart Required: Yes

Instructions:

1. Apply Android security patch from June 2018 or later.
2. Update device firmware through official channels.
3. Reboot device after update.

🔧 Temporary Workarounds

Disable touchscreen driver (not recommended)
Platform: linux
Prevents exploitation by disabling the vulnerable driver, but breaks touchscreen functionality.
Command: rmmod ftm4_pdc

Restrict app installations
Platform: all
Only install apps from trusted sources like Google Play Store.

🧯 If You Can't Patch

  • Isolate affected devices from sensitive networks and data
  • Implement strict app installation policies and monitor for suspicious activity

🔍 How to Verify

Check if Vulnerable:

Check the Android security patch level in Settings > About phone > Android security patch level. If the date is before June 2018, the device is likely vulnerable.

Check Version:

adb shell getprop ro.build.version.security_patch

Verify Fix Applied:

Verify that the security patch level is 2018-06-05 or later. Check that the kernel version includes the fixes for CVE-2018-9388.
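
Added example (not part of the original advisory): a shell helper that applies the check above to every attached device and treats empty or malformed patch-level output as UNKNOWN rather than as patched. The function names and the --scan argument are hypothetical; only adb and the ro.build.version.security_patch property come from this page.

```shell
#!/bin/sh
# Added example: compare a device's reported security patch level with the
# 2018-06-05 level this page lists as the fix for CVE-2018-9388.
FIXED_LEVEL="2018-06-05"

# classify_patch_level <string>
# Prints PATCHED, VULNERABLE or UNKNOWN (hypothetical helper name).
classify_patch_level() {
    # adb shell output can carry a trailing CR; strip it and any whitespace.
    lvl=$(printf '%s' "$1" | tr -d '\r\n\t ')
    case "$lvl" in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
        # Empty or malformed value: do not guess, flag for manual review.
        *) echo UNKNOWN; return 0 ;;
    esac
    # YYYY-MM-DD with the dashes removed compares correctly as an integer.
    have=$(printf '%s' "$lvl" | sed 's/-//g')
    need=$(printf '%s' "$FIXED_LEVEL" | sed 's/-//g')
    if [ "$have" -ge "$need" ]; then
        echo PATCHED
    else
        echo VULNERABLE
    fi
}

# check_connected_devices
# Prints "serial <TAB> patch level <TAB> status" for each authorized device.
check_connected_devices() {
    adb devices | awk 'NR > 1 && $2 == "device" { print $1 }' |
    while read -r serial; do
        # </dev/null stops adb from consuming the rest of the serial list.
        level=$(adb -s "$serial" shell getprop \
            ro.build.version.security_patch </dev/null | tr -d '\r')
        printf '%s\t%s\t%s\n' "$serial" "$level" \
            "$(classify_patch_level "$level")"
    done
}

# Only touch adb when explicitly asked to (hypothetical --scan argument).
if [ "${1:-}" = "--scan" ]; then
    check_connected_devices
fi
```

A level of 2018-06-01 is reported as VULNERABLE because it predates the 2018-06-05 level named in this advisory.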

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic logs
  • Unexpected driver crashes in dmesg
  • SELinux denials for touchscreen driver

Network Indicators:

  • Unusual outbound connections from system processes

SIEM Query:

source="android" AND (event_id="kernel_panic" OR process_name="ftm4_pdc")
