CVE-2018-5856

EUVD-2018-17623
In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, due to a race condition, a Use After Free condition can occur in Audio.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 18%
Affected Products (NVD)
VendorProductVersion
googleandroid
-
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=3b666735fcc49f5cd3a63440fdc0667ae9316f17
https://source.codeaurora.org/quic/la/platform/vendor/opensource/audio-kernel/commit/?id=7ab92dd2952d59f3c15c856effe94bba1858e3ff
https://www.codeaurora.org/security-bulletin/2018/11/05/november-2018-code-aurora-forum-security-bulletin
https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=3b666735fcc49f5cd3a63440fdc0667ae9316f17
https://source.codeaurora.org/quic/la/platform/vendor/opensource/audio-kernel/commit/?id=7ab92dd2952d59f3c15c856effe94bba1858e3ff
https://www.codeaurora.org/security-bulletin/2018/11/05/november-2018-code-aurora-forum-security-bulletin