Main Vulnerability Database Vulnerabilities #VU36636

Integer overflow in Google Android - CVE-2018-11894

Published: September 19, 2018 / Updated: August 8, 2020

Vulnerability identifier: #VU36636

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2018-11894

CWE-ID: CWE-190

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: Google

Affected software:
Google Android

Detailed vulnerability description

The vulnerability allows a local authenticated user to execute arbitrary code.

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing preferred network offload scan results integer overflow may lead to buffer overflow when large frame length is received from FW.

How to mitigate CVE-2018-11894

Install update from vendor's website.

Sources

http://www.securityfocus.com/bid/107770
https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=e60c5608f843ec106a98a98b33de0c3be070d557
https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin

Integer overflow in Google Android - CVE-2018-11894

Detailed vulnerability description

How to mitigate CVE-2018-11894

Sources

Please verify you're human