CVE-2018-11266

Опубликовано: 27 нояб. 2018

Источник: nvd

CVSS3: 7.8

CVSS2: 4.6

EPSS Низкий

Описание

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, improper input validation can lead to an improper access to already freed up dci client entries while closing dci client.

Ссылки

https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=21dd238ad58362877e341d905bea1c7cf273f19a
Patch
Third Party Advisory
https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=8e5749b17c2024af317f06e08aae455af9b79bd0
Patch
Third Party Advisory
https://www.codeaurora.org/security-bulletin/2018/08/06/august-2018-code-aurora-security-bulletin
Patch
Third Party Advisory
https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=21dd238ad58362877e341d905bea1c7cf273f19a
Patch
Third Party Advisory
https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=8e5749b17c2024af317f06e08aae455af9b79bd0
Patch
Third Party Advisory
https://www.codeaurora.org/security-bulletin/2018/08/06/august-2018-code-aurora-security-bulletin
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:o:google:android:-:*:*:*:*:*:*:*

EPSS

Процентиль: 8%

0.00031

Низкий

7.8 High

CVSS3

4.6 Medium

CVSS2

Дефекты

CWE-20

Связанные уязвимости

GHSA-c7r5-q5r7-r85f