Main Vulnerability Database Vulnerabilities #VU37078

Buffer overflow in Google Android - CVE-2018-5840

Published: June 6, 2018 / Updated: August 8, 2020

Vulnerability identifier: #VU37078

CSH Severity: High

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2018-5840

CWE-ID: CWE-120

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Google

Affected software:
Google Android

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

Buffer Copy without Checking Size of Input can occur during the DRM SDE driver initialization sequence in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel.

How to mitigate CVE-2018-5840

Install update from vendor's website.

Sources

https://source.android.com/security/bulletin/2018-05-01
https://www.codeaurora.org/security-bulletin/2018/05/11/may-2018-code-aurora-security-bulletin-2

Buffer overflow in Google Android - CVE-2018-5840

Detailed vulnerability description

How to mitigate CVE-2018-5840

Sources

Please verify you're human