Incorrect permission assignment for critical resource in Google Android - CVE-2018-11914
Published: November 27, 2018 / Updated: August 8, 2020
Google Android
Detailed vulnerability description
The vulnerability allows a local authenticated user to execute arbitrary code.
In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, improper access control can lead to device node and executable to be run from /systemrw/ which presents a potential security.
How to mitigate CVE-2018-11914
Sources
- https://source.codeaurora.org/quic/le/meta-qti-bsp/commit/?id=e1a95254dd0ec874f884160aaf0f5ce7947a06c8
- https://source.codeaurora.org/quic/le/meta-qti-bsp/commit/?id=ecd2fb4ab9e2a6851add554af03cebe337345c44
- https://www.codeaurora.org/security-bulletin/2018/11/05/november-2018-code-aurora-forum-security-bulletin