Main Vulnerability Database Vulnerabilities #VU36367

Improper Privilege Management in Google Android - CVE-2018-11911

Published: November 27, 2018 / Updated: August 8, 2020

Vulnerability identifier: #VU36367

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2018-11911

CWE-ID: CWE-269

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: Google

Affected software:
Google Android

Detailed vulnerability description

The vulnerability allows a local authenticated user to execute arbitrary code.

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, improper configuration of script may lead to unprivileged access.

How to mitigate CVE-2018-11911

Install update from vendor's website.

Sources

https://source.codeaurora.org/quic/le/meta-qti-bsp/commit/?id=34d3d7fe7e98cc0a6fb0995107d1cd99d6f29798
https://www.codeaurora.org/security-bulletin/2018/11/05/november-2018-code-aurora-forum-security-bulletin

Improper Privilege Management in Google Android - CVE-2018-11911

Detailed vulnerability description

How to mitigate CVE-2018-11911

Sources

Please verify you're human