CVE-2018-11895

EUVD-2018-3887
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, improper length check Validation in WLAN function can lead to driver writes the default rsn capabilities to the memory not allocated to the frame.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 8%
Affected Products (NVD)
VendorProductVersion
googleandroid
-
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/107770
https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=3dfe93028c0c6564db7aa4607a85413195925aa4
https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin
http://www.securityfocus.com/bid/107770
https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=3dfe93028c0c6564db7aa4607a85413195925aa4
https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin