Main Vulnerability Database Vulnerabilities #VU37120

Buffer overflow in Google Android - CVE-2018-3567

Published: May 18, 2018 / Updated: August 8, 2020

Vulnerability identifier: #VU37120

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2018-3567

CWE-ID: CWE-119

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: Google

Affected software:
Google Android

Detailed vulnerability description

The vulnerability allows a local authenticated user to execute arbitrary code.

In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, a buffer overflow vulnerability exists in WLAN while processing the HTT_T2H_MSG_TYPE_PEER_MAP or HTT_T2H_MSG_TYPE_PEER_UNMAP messages.

How to mitigate CVE-2018-3567

Install update from vendor's website.

Sources

https://source.android.com/security/bulletin/pixel/2018-04-01
https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=f2627fca43bc4403a445c2b84481383ac0249364

Buffer overflow in Google Android - CVE-2018-3567

Detailed vulnerability description

How to mitigate CVE-2018-3567

Sources

Please verify you're human