Main Vulnerability Database SB2018091842

SB2018091842 - Race condition in Google, Google Android

Published: September 18, 2018 Updated: August 8, 2020

Security Bulletin ID SB2018091842

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Race condition (CVE-ID: CVE-2018-11818)

The vulnerability allows a local authenticated user to execute arbitrary code.

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, LUT configuration is passed down to driver from userspace via ioctl. Simultaneous update from userspace while kernel drivers are updating LUT registers can lead to race condition.

Remediation

Install update from vendor's website.

References

https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=7d1e40be0f7da526f1109005383aa55f5646fc13
https://source.codeaurora.org/quic/la/kernel/msm-4.4/commit/?id=999bfde119d881a09218eb045d41fb83e67f0d10
https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin