Main Vulnerability Database Vulnerabilities #VU36654

Information disclosure in Google Android - CVE-2018-11275

Published: September 18, 2018 / Updated: August 8, 2020

Vulnerability identifier: #VU36654

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2018-11275

CWE-ID: CWE-200

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: Google

Affected software:
Google Android

Detailed vulnerability description

The vulnerability allows a local authenticated user to gain access to sensitive information.

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, when flashing image using FastbootLib if size is not divisible by block size, information leak occurs.

How to mitigate CVE-2018-11275

Install update from vendor's website.

Sources

http://www.securityfocus.com/bid/106949
https://source.codeaurora.org/quic/la/abl/tianocore/edk2/commit/?id=bf0261ab128f28763258c620bc95ca379a286b59
https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin

Information disclosure in Google Android - CVE-2018-11275

Detailed vulnerability description

How to mitigate CVE-2018-11275

Sources

Please verify you're human