CVE-2017-13308

MEDIUM EPSS 0.3%
Published Dec 5, 20241y ago · Modified Jun 17, 20262w ago
6.7 CVSS 3.1
Medium
Find Similar
Published Dec 5, 2024 1y ago
Last Modified Jun 17, 2026 2w ago

Description

In tscpu_write_GPIO_out and mtkts_Abts_write of mtk_ts_Abts.c, there is a possible buffer overflow in an sscanf due to improper input validation. This could lead to a local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

CVSS Details

Base Score
6.7
Exploitability
0.8
Impact
5.9
Vector string
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required High
User Interaction None
Scope Unchanged
Confidentiality High
Integrity High
Availability High

Threat Intelligence

EPSS Exploit Probability
0.3% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

Weaknesses 1

CWE-120

Affected Products 1

VendorProductVersionRange
googleandroid*any

References 1

  • source.android.com https://source.android.com/security/bulletin/pixel/2018-06-01
    Vendor Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.