Main Vulnerability Database Vulnerabilities #VU36671

Integer overflow in Google Android - CVE-2018-11826

Published: September 18, 2018 / Updated: August 8, 2020

Vulnerability identifier: #VU36671

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2018-11826

CWE-ID: CWE-190

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: Google

Affected software:
Google Android

Detailed vulnerability description

The vulnerability allows a local authenticated user to execute arbitrary code.

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of check on integer overflow while calculating memory can lead to Buffer overflow in WLAN ext scan handler.

How to mitigate CVE-2018-11826

Install update from vendor's website.

Sources

http://www.securityfocus.com/bid/107770
https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=650afe0c0ec2f566c9546b3b8e400b36fcf44aed
https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin

Integer overflow in Google Android - CVE-2018-11826

Detailed vulnerability description

How to mitigate CVE-2018-11826

Sources

Please verify you're human