CVE-2018-11918 - In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux k

CVE-2018-11918

Summary

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, memory allocated is automatically released by the kernel if the 'probe' function fails with an error code.

References

https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=5ca16318bf1a409e9e5c169dc5b7f0821e5323d7
https://www.codeaurora.org/security-bulletin/2018/11/05/november-2018-code-aurora-forum-security-bulletin

Vulnerable Configurations

cpe:2.3:o:google:android:-:*:*:*:*:*:*:*
cpe:2.3:o:google:android:-:*:*:*:*:*:*:*

CVSS

Base:	4.6 (as of 21-12-2018 - 16:03)
Impact:
Exploitability:

CWE

CWE-415

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:L/AC:L/Au:N/C:P/I:P/A:P

refmap via4

confirm

https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=5ca16318bf1a409e9e5c169dc5b7f0821e5323d7
https://www.codeaurora.org/security-bulletin/2018/11/05/november-2018-code-aurora-forum-security-bulletin

Last major update

21-12-2018 - 16:03

Published

27-11-2018 - 16:29

Last modified

21-12-2018 - 16:03