Main Vulnerability Database Vulnerabilities #VU36978

#VU36978 Out-of-bounds read in Google Android - CVE-2018-5897

Published: July 6, 2018 / Updated: August 8, 2020

Vulnerability identifier: #VU36978

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2018-5897

CWE-ID: CWE-125

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Google Android

Software vendor:
Google

Description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

While reading the data from buffer in dci_process_ctrl_status() there can be buffer over-read problem if the len is not checked correctly in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05.

Remediation

Install update from vendor's website.

External links

https://source.android.com/security/bulletin/pixel/2018-06-01#qualcomm-components