Main Vulnerability Database Vulnerabilities #VU36155

#VU36155 Buffer overflow in Google Android - CVE-2018-12010

Published: February 11, 2019 / Updated: August 8, 2020

Vulnerability identifier: #VU36155

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2018-12010

CWE-ID: CWE-119

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
Google Android

Software vendor:
Google

Description

The vulnerability allows a local authenticated user to execute arbitrary code.

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Absence of length sanity check may lead to possible stack overflow resulting in memory corruption in trustzone region.

Remediation

Install update from vendor's website.

External links

https://www.codeaurora.org/security-bulletin/2019/01/07/january-2019-code-aurora-security-bulletin

#VU36155 Buffer overflow in Google Android - CVE-2018-12010

Description

Remediation

External links

Please verify you're human