CVE-2018-3589

In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile MDM9650, MDM9655, SD 835, SD 845, SD 850, the vswr capture size is larger than the maximum size of a diag logPacket, which can lead to a buffer overflow when the sample buffer is copied to the logPacket buffer.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
qualcommCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 46%
VendorProductVersion
qualcommmdm9650_firmware
-
qualcommmdm9655_firmware
-
qualcommsd_835_firmware
-
qualcommsd_845_firmware
-
qualcommsd_850_firmware
-
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/103671
https://source.android.com/security/bulletin/2018-04-01
http://www.securityfocus.com/bid/103671
https://source.android.com/security/bulletin/2018-04-01