Main Vulnerability Database Vulnerabilities #VU36972

Out-of-bounds read in Google Android - CVE-2018-5888

Published: July 6, 2018 / Updated: August 8, 2020

Vulnerability identifier: #VU36972

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2018-5888

CWE-ID: CWE-125

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: Google

Affected software:
Google Android

Detailed vulnerability description

The vulnerability allows a local authenticated user to execute arbitrary code.

While processing the system path, an out of bounds access can occur in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05.

How to mitigate CVE-2018-5888

Install update from vendor's website.

Sources

https://source.android.com/security/bulletin/pixel/2018-06-01#qualcomm-components
https://source.codeaurora.org/quic/la/abl/tianocore/edk2/commit/?id=5388803fa6d004382f4a857056ce06d963698d9c

Out-of-bounds read in Google Android - CVE-2018-5888

Detailed vulnerability description

How to mitigate CVE-2018-5888

Sources

Please verify you're human