Main Vulnerability Database Vulnerabilities #VU36156

Information disclosure in Google Android - CVE-2018-12011

Published: February 11, 2019 / Updated: August 8, 2020

Vulnerability identifier: #VU36156

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2018-12011

CWE-ID: CWE-200

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: Google

Affected software:
Google Android

Detailed vulnerability description

The vulnerability allows a local authenticated user to gain access to sensitive information.

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Uninitialized data for socket address leads to information exposure.

How to mitigate CVE-2018-12011

Install update from vendor's website.

Sources

https://www.codeaurora.org/security-bulletin/2019/01/07/january-2019-code-aurora-security-bulletin

Information disclosure in Google Android - CVE-2018-12011

Detailed vulnerability description

How to mitigate CVE-2018-12011

Sources

Please verify you're human