ID CVE-2018-11851 Type cve Reporter cve@mitre.org Modified 2019-04-18T13:01:00
Description
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of check on input received to calculate the buffer length can lead to out of bound write to kernel stack.
{"id": "CVE-2018-11851", "bulletinFamily": "NVD", "title": "CVE-2018-11851", "description": "In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of check on input received to calculate the buffer length can lead to out of bound write to kernel stack.", "published": "2018-09-18T18:29:00", "modified": "2019-04-18T13:01:00", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-11851", "reporter": "cve@mitre.org", "references": ["http://www.securityfocus.com/bid/107770", "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=0f6839316f43d48833750667b979aec11558abc0", "https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin"], "cvelist": ["CVE-2018-11851"], "type": "cve", "lastseen": "2021-02-02T06:52:25", "edition": 4, "viewCount": 4, "enchantments": {"dependencies": {"references": [], "modified": "2021-02-02T06:52:25", "rev": 2}, "score": {"value": 3.8, "vector": "NONE", "modified": "2021-02-02T06:52:25", "rev": 2}, "vulnersScore": 3.8}, "cpe": ["cpe:/o:google:android:-"], "affectedSoftware": [{"cpeName": "google:android", "name": "google android", "operator": "eq", "version": "-"}], "cvss2": {"acInsufInfo": true, "cvssV2": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "cpe23": ["cpe:2.3:o:google:android:-:*:*:*:*:*:*:*"], "cwe": ["CWE-787"], "scheme": null, "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}]}, "extraReferences": [{"name": "107770", "refsource": "BID", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/107770"}, {"name": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=0f6839316f43d48833750667b979aec11558abc0", "refsource": "CONFIRM", "tags": ["Patch", "Third Party Advisory"], "url": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=0f6839316f43d48833750667b979aec11558abc0"}, {"name": "https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin", "refsource": "CONFIRM", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin"}], "immutableFields": []}
