Main Vulnerability Database Vulnerabilities #VU36366

Incorrect permission assignment for critical resource in Google Android - CVE-2018-11910

Published: November 27, 2018 / Updated: August 8, 2020

Vulnerability identifier: #VU36366

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2018-11910

CWE-ID: CWE-732

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: Google

Affected software:
Google Android

Detailed vulnerability description

The vulnerability allows a local authenticated user to execute arbitrary code.

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, improper access control can lead to device node and executable to be run from /persist/ which presents a potential issue.

How to mitigate CVE-2018-11910

Install update from vendor's website.

Sources

https://source.codeaurora.org/quic/le/meta-qti-bsp/commit/?id=ecd2fb4ab9e2a6851add554af03cebe337345c44
https://www.codeaurora.org/security-bulletin/2018/11/05/november-2018-code-aurora-forum-security-bulletin

Incorrect permission assignment for critical resource in Google Android - CVE-2018-11910

Detailed vulnerability description

How to mitigate CVE-2018-11910

Sources

Please verify you're human