Main Vulnerability Database Vulnerabilities #VU37079

Input validation error in Google Android - CVE-2018-5841

Published: June 6, 2018 / Updated: August 8, 2020

Vulnerability identifier: #VU37079

CSH Severity: High

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2018-5841

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Google

Affected software:
Google Android

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

dcc_curr_list is initialized with a default invalid value that is expected to be programmed by the user through a sysfs node which could lead to an invalid access in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel.

How to mitigate CVE-2018-5841

Install update from vendor's website.

Sources

https://source.android.com/security/bulletin/2018-05-01
https://www.codeaurora.org/security-bulletin/2018/05/11/may-2018-code-aurora-security-bulletin-2

Input validation error in Google Android - CVE-2018-5841

Detailed vulnerability description

How to mitigate CVE-2018-5841

Sources

Please verify you're human