Main Vulnerability Database Vulnerabilities #VU36643

Buffer overflow in Google Android - CVE-2018-3573

Published: September 19, 2018 / Updated: August 8, 2020

Vulnerability identifier: #VU36643

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2018-3573

CWE-ID: CWE-119

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: Google

Affected software:
Google Android

Detailed vulnerability description

The vulnerability allows a local authenticated user to execute arbitrary code.

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while relocating kernel images with a specially crafted boot image, an out of bounds access can occur.

How to mitigate CVE-2018-3573

Install update from vendor's website.

Sources

https://source.codeaurora.org/quic/la/kernel/lk/commit/?id=49ecadaf98f99d7ef0b5a05a8320e5328da42008
https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin

Buffer overflow in Google Android - CVE-2018-3573

Detailed vulnerability description

How to mitigate CVE-2018-3573

Sources

Please verify you're human