ID CVE-2018-5849
Summary Due to a race condition in the QTEECOM driver in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel, when more than one HLOS client loads the same TA, a Use After Free condition can occur.
References
Vulnerable Configurations
  • cpe:2.3:o:google:android:-:*:*:*:*:*:*:*
    cpe:2.3:o:google:android:-:*:*:*:*:*:*:*
CVSS
Base: 4.4 (as of 03-08-2018 - 18:37)
Impact:
Exploitability:
CWE CWE-416
CAPEC
Access
VectorComplexityAuthentication
LOCAL MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:L/AC:M/Au:N/C:P/I:P/A:P
refmap via4
misc https://www.codeaurora.org/security-bulletin/2018/05/11/may-2018-code-aurora-security-bulletin-2
Last major update 03-08-2018 - 18:37
Published 12-06-2018 - 20:29
Last modified 03-08-2018 - 18:37
Back to Top