Main Vulnerability Database Vulnerabilities #VU36678

Out-of-bounds write in Google Android - CVE-2018-11851

Published: September 18, 2018 / Updated: August 8, 2020

Vulnerability identifier: #VU36678

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2018-11851

CWE-ID: CWE-787

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: Google

Affected software:
Google Android

Detailed vulnerability description

The vulnerability allows a local authenticated user to execute arbitrary code.

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of check on input received to calculate the buffer length can lead to out of bound write to kernel stack.

How to mitigate CVE-2018-11851

Install update from vendor's website.

Sources

http://www.securityfocus.com/bid/107770
https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=0f6839316f43d48833750667b979aec11558abc0
https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin

Out-of-bounds write in Google Android - CVE-2018-11851

Detailed vulnerability description

How to mitigate CVE-2018-11851

Sources

Please verify you're human