Buffer overflow in Google Android - CVE-2018-12010

 

Buffer overflow in Google Android - CVE-2018-12010

Published: February 11, 2019 / Updated: August 8, 2020


Vulnerability identifier: #VU36155
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2018-12010
CWE-ID: CWE-119
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: Google
Affected software:
Google Android

Detailed vulnerability description

The vulnerability allows a local authenticated user to execute arbitrary code.

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Absence of length sanity check may lead to possible stack overflow resulting in memory corruption in trustzone region.


How to mitigate CVE-2018-12010

Install update from vendor's website.

Sources