CVE-2018-5860 : In the MDSS driver in all Android releases(Android for MSM, Firefox OS for MSM,

In the MDSS driver in all Android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, a data structure may be used without being initialized correctly.

Published 2018-06-15 20:29:00

Updated 2018-08-06 14:45:06

Source Qualcomm, Inc.

View at NVD, CVE.org

Products affected by CVE-2018-5860

Google » Android » Version: N/A
cpe:2.3:o:google:android:-:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2018-5860

EPSS FAQ

0.02%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 2 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2018-5860

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
4.9	MEDIUM	AV:L/AC:L/Au:N/C:N/I:N/A:C	3.9	6.9	NIST
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Complete
5.5	MEDIUM	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H	1.8	3.6	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High

CWE ids for CVE-2018-5860

CWE-824 Access of Uninitialized Pointer

The product accesses or uses a pointer that has not been initialized.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2018-5860

https://www.codeaurora.org/security-bulletin/2018/06/04/june-2018-code-aurora-security-bulletin

June 2018 Code Aurora Security Bulletin - Code Aurora
Patch;Third Party Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2018-5860

Products affected by CVE-2018-5860

Exploit prediction scoring system (EPSS) score for CVE-2018-5860

CVSS scores for CVE-2018-5860

CWE ids for CVE-2018-5860

References for CVE-2018-5860