7.8
CVE-2018-11266
- EPSS 0.19%
- Veröffentlicht 27.11.2018 16:29:00
- Zuletzt bearbeitet 21.11.2024 03:43:01
- CVE-Watchlists
- Unerledigt
In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, improper input validation can lead to an improper access to already freed up dci client entries while closing dci client.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.19% | 0.089 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 1.8 | 5.9 |
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 4.6 | 3.9 | 6.4 |
AV:L/AC:L/Au:N/C:P/I:P/A:P
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
https://www.codeaurora.org/security-bulletin/2018/08/06/august-2018-code-aurora-security-bulletin
https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=21dd238ad58362877e341d905bea1c7cf273f19a
https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=8e5749b17c2024af317f06e08aae455af9b79bd0