CVE-2018-5886

Опубликовано: 06 июл. 2018

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

A pointer in an ADSPRPC command is not properly validated in all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android), which can lead to kernel memory being accessed.

Ссылки

https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=97017d59158086689488bdcfcafb59654a6f10da
Patch
Third Party Advisory
https://www.codeaurora.org/security-bulletin/2018/07/02/july-2018-code-aurora-security-bulletin
Third Party Advisory
https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=97017d59158086689488bdcfcafb59654a6f10da
Patch
Third Party Advisory
https://www.codeaurora.org/security-bulletin/2018/07/02/july-2018-code-aurora-security-bulletin
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:o:google:android:-:*:*:*:*:*:*:*

EPSS

Процентиль: 30%

0.00115

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-125

Связанные уязвимости

GHSA-hq29-m595-3gjq