Information disclosure in Google Android - CVE-2018-12006

 


Published: February 11, 2019 / Updated: August 8, 2020


Vulnerability identifier: #VU36154
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2018-12006
CWE-ID: CWE-200
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: Google
Affected software:
Google Android

Detailed vulnerability description

The vulnerability allows a local authenticated user to gain access to sensitive information.

In all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, users with no extra privileges can potentially access leaked data due to uninitialized padding present in a display function.
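The following is an added example, not code from the affected driver or from the vendor: a user-space C simulation of how compiler-inserted padding in a structure keeps stale memory when only the named members are written, next to the zero-before-fill pattern that prevents it. The struct `disp_info`, the function names and the `STALE` marker are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical reply struct; NOT the structure from the affected driver. */
struct disp_info {
    uint8_t  mode;    /* 1 byte, then padding up to the next 4-byte boundary */
    uint32_t width;
    uint16_t flags;   /* followed by tail padding */
};

#define STALE 0xAA    /* constructed marker standing in for old stack data */

/* 1 if byte offset i belongs to a named member, 0 if it is padding. */
static int is_member_byte(size_t i)
{
    size_t w = offsetof(struct disp_info, width);
    size_t f = offsetof(struct disp_info, flags);
    return i < sizeof(uint8_t) ||
           (i >= w && i < w + sizeof(uint32_t)) ||
           (i >= f && i < f + sizeof(uint16_t));
}

/* Count padding bytes that still carry the stale marker. */
static size_t stale_padding(const struct disp_info *s)
{
    const unsigned char *p = (const unsigned char *)s;
    size_t i, n = 0;
    for (i = 0; i < sizeof(*s); i++)
        if (!is_member_byte(i) && p[i] == STALE)
            n++;
    return n;
}

/* Vulnerable pattern: only named members are written before the copy-out. */
size_t fill_fields_only(void)
{
    struct disp_info s;
    memset(&s, STALE, sizeof(s));   /* simulate reused stack memory */
    s.mode = 1; s.width = 1080; s.flags = 0;
    return stale_padding(&s);
}

/* Hardened pattern: zero the whole object, then set the members. */
size_t fill_zeroed(void)
{
    struct disp_info s;
    memset(&s, STALE, sizeof(s));   /* same stale starting state */
    memset(&s, 0, sizeof(s));
    s.mode = 1; s.width = 1080; s.flags = 0;
    return stale_padding(&s);
}
```

In kernel code the same zeroing step belongs before the structure is handed to `copy_to_user()`, since that call copies the padding bytes along with the members.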


How to mitigate CVE-2018-12006

Install update from vendor's website.
