Main Vulnerability Database Vulnerabilities #VU36672

Improper Validation of Array Index in Google Android - CVE-2018-11827

Published: September 18, 2018 / Updated: August 8, 2020

Vulnerability identifier: #VU36672

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2018-11827

CWE-ID: CWE-129

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: Google

Affected software:
Google Android

Detailed vulnerability description

The vulnerability allows a local authenticated user to execute arbitrary code.

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, improper validation of array index in WMA roam synchronization handler can lead to OOB write.

How to mitigate CVE-2018-11827

Install update from vendor's website.

Sources

http://www.securityfocus.com/bid/107770
https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=4c74687be66c19be0b9bd83d78d033dff5d1a9ae
https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin

Improper Validation of Array Index in Google Android - CVE-2018-11827

Detailed vulnerability description

How to mitigate CVE-2018-11827

Sources

Please verify you're human