Main Vulnerability Database Vulnerabilities #VU36638

Out-of-bounds read in Google Android - CVE-2018-11897

Published: September 19, 2018 / Updated: August 8, 2020

Vulnerability identifier: #VU36638

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2018-11897

CWE-ID: CWE-125

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: Google

Affected software:
Google Android

Detailed vulnerability description

The vulnerability allows a local authenticated user to execute arbitrary code.

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing diag event after associating to a network out of bounds read occurs if ssid of the network joined is greater than max limit.

How to mitigate CVE-2018-11897

Install update from vendor's website.

Sources

http://www.securityfocus.com/bid/107770
https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=7500b7660997121039001f0ff91ce3b63040544b
https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin

Out-of-bounds read in Google Android - CVE-2018-11897

Detailed vulnerability description

How to mitigate CVE-2018-11897

Sources

Please verify you're human