#VU36970 Out-of-bounds read in Google Android - CVE-2018-5836

Cybersecurity Help s.r.o.

Published: 2018-07-06 | Updated: 2020-08-08

Vulnerability identifier: #VU36970

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2018-5836

CWE-ID: CWE-125

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Google Android
Operating systems & Components / Operating system

Vendor: Google

Description

The vulnerability allows a local authenticated user to gain access to sensitive information.

In wma_nan_rsp_event_handler() in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05, the data_len value is received from firmware and not properly validated which could potentially lead to an out-of-bounds access.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Google Android: All versions

External links
https://source.android.com/security/bulletin/pixel/2018-06-01#qualcomm-components
https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=12a789c2e0e9fd2df40ac13ac27fe99487263887
https://www.codeaurora.org/security-bulletin/2018/07/02/july-2018-code-aurora-security-bulletin

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Out-of-bounds read in Google, Google Android