Main Vulnerability Database Vulnerabilities #VU36978

Out-of-bounds read in Google Android - CVE-2018-5897

Published: July 6, 2018 / Updated: August 8, 2020

Vulnerability identifier: #VU36978

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2018-5897

CWE-ID: CWE-125

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Google

Affected software:
Google Android

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

While reading the data from buffer in dci_process_ctrl_status() there can be buffer over-read problem if the len is not checked correctly in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05.

How to mitigate CVE-2018-5897

Install update from vendor's website.

Sources

https://source.android.com/security/bulletin/pixel/2018-06-01#qualcomm-components

Out-of-bounds read in Google Android - CVE-2018-5897

Detailed vulnerability description

How to mitigate CVE-2018-5897

Sources

Please verify you're human