exploitDog

CVE-2018-5849

Опубликовано: 12 июн. 2018

Источник: nvd

CVSS3: 7

CVSS2: 4.4

EPSS Низкий

Описание

Due to a race condition in the QTEECOM driver in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel, when more than one HLOS client loads the same TA, a Use After Free condition can occur.

Ссылки

https://www.codeaurora.org/security-bulletin/2018/05/11/may-2018-code-aurora-security-bulletin-2
Patch
Third Party Advisory
https://source.android.com/security/bulletin/pixel/2018-05-01
Third Party Advisory
https://www.codeaurora.org/security-bulletin/2018/05/11/may-2018-code-aurora-security-bulletin-2
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:o:google:android:-:*:*:*:*:*:*:*

EPSS

Процентиль: 9%

0.00034

Низкий

7 High

CVSS3

4.4 Medium

CVSS2

Дефекты

CWE-362

Связанные уязвимости

GHSA-q3f9-g8q7-frj2

CVSS3: 7

github

больше 3 лет назад

Due to a race condition in the QTEECOM driver in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel, when more than one HLOS client loads the same TA, a Use After Free condition can occur.

EPSS

Процентиль: 9%

0.00034

Низкий

7 High

CVSS3

4.4 Medium

CVSS2

Дефекты

CWE-362