CVE-2018-11262

EPSS 0.03%
Veröffentlicht 04.09.2018 16:29:00
Zuletzt bearbeitet 21.11.2024 03:43:00
Quelle product-security@qualcomm.com
CVE-Watchlists
Login
Unerledigt
Login

In Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel while trying to find out total number of partition via a non zero check, there could be possibility where the 'TotalPart' could cross 'GptHeader->MaxPtCnt' and which could result in OOB write in patching GPT.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 2 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Google ≫ Android Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.03%	0.076

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.2	3.9	10	AV:L/AC:L/Au:N/C:C/I:C/A:C

CWE-682 Incorrect Calculation

The product performs a calculation that generates incorrect or unintended results that are later used in security-critical decisions or resource management.

CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

http://www.securityfocus.com/bid/106949

Third Party Advisory

VDB Entry

https://source.codeaurora.org/quic/la/abl/tianocore/edk2/commit/?id=29ab5eb75bc9ed01466ab1a98e932e59fe27ad42

Patch

Third Party Advisory

https://www.codeaurora.org/security-bulletin/2018/08/06/august-2018-code-aurora-security-bulletin

Patch

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2018-11262

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-11262

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-11262

EUVD