CVE-2018-5859

Опубликовано: 06 июл. 2018

Источник: nvd

CVSS3: 7

CVSS2: 4.4

EPSS Низкий

Описание

Due to a race condition in the MDSS MDP driver in all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-07-05, a Use After Free condition can occur.

Ссылки

https://source.android.com/security/bulletin/pixel/2018-07-01
Patch
Vendor Advisory
https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=36400a7fa3753028a3bf89a9cdb28c5e25693c59
Patch
https://www.codeaurora.org/security-bulletin/2018/07/02/july-2018-code-aurora-security-bulletin
Patch
https://source.android.com/security/bulletin/pixel/2018-07-01
Patch
Vendor Advisory
https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=36400a7fa3753028a3bf89a9cdb28c5e25693c59
Patch
https://www.codeaurora.org/security-bulletin/2018/07/02/july-2018-code-aurora-security-bulletin
Patch

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:o:google:android:-:*:*:*:*:*:*:*

EPSS

Процентиль: 15%

0.0005

Низкий

7 High

CVSS3

4.4 Medium

CVSS2

Дефекты

CWE-362

Связанные уязвимости

GHSA-97rm-mr46-24cw