Описание
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, in wma_ndp_confirm_event_handler and wma_ndp_indication_event_handler, ndp_cfg len and num_ndp_app_info is from fw. If they are not checked, it may cause buffer over-read once the value is too large.
Ссылки
- PatchVendor Advisory
- PatchThird Party Advisory
- https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletinPatchThird Party Advisory
- PatchVendor Advisory
- PatchThird Party Advisory
- https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletinPatchThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:o:google:android:-:*:*:*:*:*:*:*
EPSS
Процентиль: 18%
0.00057
Низкий
5.7 Medium
CVSS3
3.3 Low
CVSS2
Дефекты
CWE-125
Связанные уязвимости
CVSS3: 5.7
github
больше 3 лет назад
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, in wma_ndp_confirm_event_handler and wma_ndp_indication_event_handler, ndp_cfg len and num_ndp_app_info is from fw. If they are not checked, it may cause buffer over-read once the value is too large.
EPSS
Процентиль: 18%
0.00057
Низкий
5.7 Medium
CVSS3
3.3 Low
CVSS2
Дефекты
CWE-125