Main Vulnerability Database Vulnerabilities #VU36641

Improper Validation of Array Index in Google Android - CVE-2018-11903

Published: September 19, 2018 / Updated: August 8, 2020

Vulnerability identifier: #VU36641

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2018-11903

CWE-ID: CWE-129

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: Google

Affected software:
Google Android

Detailed vulnerability description

The vulnerability allows a local authenticated user to execute arbitrary code.

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of length validation check for value received from caller function used as an array index for WMA interfaces can lead to OOB write in WLAN HOST.

How to mitigate CVE-2018-11903

Install update from vendor's website.

Sources

https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=84cd3bee44fa37b196cfad8b15d858408534862d
https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin

Improper Validation of Array Index in Google Android - CVE-2018-11903

Detailed vulnerability description

How to mitigate CVE-2018-11903

Sources

Please verify you're human