Buffer overflow in Google Android - CVE-2018-5858
Published: July 6, 2018 / Updated: August 8, 2020
Vulnerability identifier: #VU36946
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2018-5858
CWE-ID: CWE-119
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Google
Affected software:
Google Android
Google Android
Detailed vulnerability description
The vulnerability allows a local authenticated user to execute arbitrary code.
In the audio debugfs in all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-07-05, out of bounds access can occur.
How to mitigate CVE-2018-5858
Install update from vendor's website.
Sources
- https://source.android.com/security/bulletin/pixel/2018-07-01
- https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=cd1f0cdd4715e8eae4066bd34df2eef4cf94bd7f
- https://source.codeaurora.org/quic/la/platform/vendor/opensource/audio-kernel/commit/?id=78193fa06b267c1d6582e5e6f9fb779cf067015e
- https://www.codeaurora.org/security-bulletin/2018/07/02/july-2018-code-aurora-security-bulletin