CVE-2018-5831 - In the KGSL driver in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS

CVE-2018-5831

Summary

In the KGSL driver in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05, a reference counting error can lead to a Use After Free condition.

References

https://source.android.com/security/bulletin/2018-06-01#qualcomm-components
https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=e3e13d745238ad8853af47c2d938344ea8d3c77f
https://www.codeaurora.org/security-bulletin/2018/07/02/july-2018-code-aurora-security-bulletin

Vulnerable Configurations

cpe:2.3:o:google:android:-:*:*:*:*:*:*:*
cpe:2.3:o:google:android:-:*:*:*:*:*:*:*

CVSS

Base:	7.2 (as of 29-08-2018 - 15:41)
Impact:
Exploitability:

CWE

CWE-416

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:L/AC:L/Au:N/C:C/I:C/A:C

refmap via4

confirm

https://source.android.com/security/bulletin/2018-06-01#qualcomm-components
https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=e3e13d745238ad8853af47c2d938344ea8d3c77f
https://www.codeaurora.org/security-bulletin/2018/07/02/july-2018-code-aurora-security-bulletin

Last major update

29-08-2018 - 15:41

Published

06-07-2018 - 17:29

Last modified

29-08-2018 - 15:41