Incorrect permission assignment for critical resource in Google Android - CVE-2018-11914

 

Incorrect permission assignment for critical resource in Google Android - CVE-2018-11914

Published: November 27, 2018 / Updated: August 8, 2020


Vulnerability identifier: #VU36370
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2018-11914
CWE-ID: CWE-732
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: Google
Affected software:
Google Android

Detailed vulnerability description

The vulnerability allows a local authenticated user to execute arbitrary code.

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, improper access control can lead to device node and executable to be run from /systemrw/ which presents a potential security.


How to mitigate CVE-2018-11914

Install update from vendor's website.

Sources