Main Vulnerability Database Vulnerabilities #VU36966

Use-after-free in Google Android - CVE-2018-5831

Published: July 6, 2018 / Updated: August 8, 2020

Vulnerability identifier: #VU36966

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2018-5831

CWE-ID: CWE-416

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: Google

Affected software:
Google Android

Detailed vulnerability description

The vulnerability allows a local authenticated user to execute arbitrary code.

In the KGSL driver in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05, a reference counting error can lead to a Use After Free condition.

How to mitigate CVE-2018-5831

Install update from vendor's website.

Sources

https://source.android.com/security/bulletin/2018-06-01#qualcomm-components
https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=e3e13d745238ad8853af47c2d938344ea8d3c77f
https://www.codeaurora.org/security-bulletin/2018/07/02/july-2018-code-aurora-security-bulletin

Use-after-free in Google Android - CVE-2018-5831

Detailed vulnerability description

How to mitigate CVE-2018-5831

Sources

Please verify you're human