Vulnerability Details : CVE-2018-11842
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, during wlan association, driver allocates memory. In case the mem allocation fails driver does a mem free though the memory was not allocated.
Vulnerability category: Overflow
Exploit prediction scoring system (EPSS) score for CVE-2018-11842
Probability of exploitation activity in the next 30 days: 0.05%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 19 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2018-11842
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
7.2
|
HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C |
3.9
|
10.0
|
NIST |
|
7.8
|
HIGH | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
1.8
|
5.9
|
NIST |
CWE ids for CVE-2018-11842
-
The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.Assigned by: nvd@nist.gov (Primary)
References for CVE-2018-11842
-
https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin
September 2018 Code Aurora Security Bulletin - Code AuroraPatch;Third Party Advisory
-
https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=5eea70b9d5852e468467c1565927dbe0c76d8674
platform/vendor/qcom-opensource/wlan/qcacld-3.0 - Unnamed repositoryPatch;Third Party Advisory
-
https://source.android.com/security/bulletin/2018-09-01#qualcomm-components
Android Security Bulletin—September 2018 | Android Open Source ProjectPatch;Vendor Advisory
Products affected by CVE-2018-11842
- cpe:2.3:o:google:android:-:*:*:*:*:*:*:*