Main Vulnerability Database Vulnerabilities #VU36288

Buffer overflow in Google Android - CVE-2018-11986

Published: December 20, 2018 / Updated: August 8, 2020

Vulnerability identifier: #VU36288

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2018-11986

CWE-ID: CWE-119

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: Google

Affected software:
Google Android

Detailed vulnerability description

The vulnerability allows a local authenticated user to execute arbitrary code.

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Possible buffer overflow in TX and RX FIFOs of microcontroller in camera subsystem used to exchange commands and messages between Micro FW and CPP driver.

How to mitigate CVE-2018-11986

Install update from vendor's website.

Sources

https://www.codeaurora.org/security-bulletin/2018/12/03/december-2018-code-aurora-security-bulletin

Buffer overflow in Google Android - CVE-2018-11986

Detailed vulnerability description

How to mitigate CVE-2018-11986

Sources

Please verify you're human