exploitDog

CVE-2018-5897

Опубликовано: 06 июл. 2018

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

While reading the data from buffer in dci_process_ctrl_status() there can be buffer over-read problem if the len is not checked correctly in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05.

Ссылки

https://source.android.com/security/bulletin/pixel/2018-06-01#qualcomm-components
Vendor Advisory
https://source.android.com/security/bulletin/pixel/2018-06-01#qualcomm-components
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:o:google:android:-:*:*:*:*:*:*:*

EPSS

Процентиль: 36%

0.00153

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-125

Связанные уязвимости

GHSA-r3q4-wc3p-2gx3

CVSS3: 7.5

github

больше 3 лет назад

While reading the data from buffer in dci_process_ctrl_status() there can be buffer over-read problem if the len is not checked correctly in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05.

EPSS

Процентиль: 36%

0.00153

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-125