Improper Initialization in Google Android - CVE-2018-11943

 

Improper Initialization in Google Android - CVE-2018-11943

Published: November 27, 2018 / Updated: August 8, 2020


Vulnerability identifier: #VU36373
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2018-11943
CWE-ID: CWE-665
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: Google
Affected software:
Google Android

Detailed vulnerability description

The vulnerability allows a local authenticated user to execute arbitrary code.

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing fastboot flash command, memory leak or unexpected behavior may occur due to processing of unintialized data buffers.


How to mitigate CVE-2018-11943

Install update from vendor's website.

Sources