Main Vulnerability Database Vulnerabilities #VU36947

Race condition in Google Android - CVE-2018-5859

Published: July 6, 2018 / Updated: August 8, 2020

Vulnerability identifier: #VU36947

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2018-5859

CWE-ID: CWE-362

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: Google

Affected software:
Google Android

Detailed vulnerability description

The vulnerability allows a local authenticated user to execute arbitrary code.

Due to a race condition in the MDSS MDP driver in all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-07-05, a Use After Free condition can occur.

How to mitigate CVE-2018-5859

Install update from vendor's website.

Sources

https://source.android.com/security/bulletin/pixel/2018-07-01
https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=36400a7fa3753028a3bf89a9cdb28c5e25693c59
https://www.codeaurora.org/security-bulletin/2018/07/02/july-2018-code-aurora-security-bulletin

Race condition in Google Android - CVE-2018-5859

Detailed vulnerability description

How to mitigate CVE-2018-5859

Sources

Please verify you're human