Main Vulnerability Database Vulnerabilities #VU36958

Buffer overflow in Google Android - CVE-2017-18158

Published: July 6, 2018 / Updated: August 8, 2020

Vulnerability identifier: #VU36958

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2017-18158

CWE-ID: CWE-119

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: Google

Affected software:
Google Android

Detailed vulnerability description

The vulnerability allows a local authenticated user to execute arbitrary code.

Possible buffer overflows and array out of bounds accesses in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05 while flashing images.

How to mitigate CVE-2017-18158

Install update from vendor's website.

Sources

https://source.android.com/security/bulletin/2018-06-01#qualcomm-components
https://source.codeaurora.org/quic/la/abl/tianocore/edk2/commit/?id=316136f292cedaecf17823d6f3b63cf2d11314b3

Buffer overflow in Google Android - CVE-2017-18158

Detailed vulnerability description

How to mitigate CVE-2017-18158

Sources

Please verify you're human