Double Free in Google Android - CVE-2018-11918

 

Double Free in Google Android - CVE-2018-11918

Published: November 27, 2018 / Updated: August 8, 2020


Vulnerability identifier: #VU36371
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2018-11918
CWE-ID: CWE-415
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: Google
Affected software:
Google Android

Detailed vulnerability description

The vulnerability allows a local authenticated user to execute arbitrary code.

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, memory allocated is automatically released by the kernel if the 'probe' function fails with an error code.


How to mitigate CVE-2018-11918

Install update from vendor's website.

Sources