Main Vulnerability Database Vulnerabilities #VU36650

Buffer overflow in Google Android - CVE-2018-11265

Published: September 18, 2018 / Updated: August 8, 2020

Vulnerability identifier: #VU36650

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2018-11265

CWE-ID: CWE-119

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: Google

Affected software:
Google Android

Detailed vulnerability description

The vulnerability allows a local authenticated user to execute arbitrary code.

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, possible buffer overflow while incrementing the log_buf of type uint64_t in memcpy function, since the log_buf pointer can access the memory beyond the size to store the data after pointer increment.

How to mitigate CVE-2018-11265

Install update from vendor's website.

Sources

https://source.android.com/security/bulletin/pixel/2018-09-01#qualcomm-components
https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=b211b051d7ca226d96b70defe10ac318f768b5b2
https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin

Buffer overflow in Google Android - CVE-2018-11265

Detailed vulnerability description

How to mitigate CVE-2018-11265

Sources

Please verify you're human