Main Vulnerability Database Vulnerabilities #VU36963

Input validation error in Google Android - CVE-2018-3597

Published: July 6, 2018 / Updated: August 8, 2020

Vulnerability identifier: #VU36963

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2018-3597

CWE-ID: CWE-20

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: Google

Affected software:
Google Android

Detailed vulnerability description

The vulnerability allows a local authenticated user to execute arbitrary code.

In the ADSP RPC driver in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05, an arbitrary kernel write can occur.

How to mitigate CVE-2018-3597

Install update from vendor's website.

Sources

https://source.android.com/security/bulletin/pixel/2018-06-01#qualcomm-components
https://source.codeaurora.org/quic/la/kernel/msm-4.4/commit/?id=e569b915a246627d0449016408a9c0d388ee4ab4

Input validation error in Google Android - CVE-2018-3597

Detailed vulnerability description

How to mitigate CVE-2018-3597

Sources

Please verify you're human