CVE-2018-11889

2018-09-1914:00:00

qualcomm

www.cve.org

7.5 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

20.8%

JSON

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, when requesting rssi timeout, access invalid memory may occur since local variable ‘context’ stack data of wlan function is free.

References

www.securityfocus.com/bid/107770

source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=4e9edcdbb8d7087dd2c7cc250813426c9c27c4d2

www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin