7.8

CVE-2018-11276

EPSS 0.03%
Veröffentlicht 18.09.2018 18:29:02
Zuletzt bearbeitet 21.11.2024 03:43:02
Quelle product-security@qualcomm.com
CVE-Watchlists
Login
Unerledigt
Login

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, double free of memory allocation is possible in Kernel when it explicitly tries to free that memory on driver probe failure, since memory allocated is automatically freed on probe.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Google ≫ Android Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.03%	0.056

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	4.6	3.9	6.4	AV:L/AC:L/Au:N/C:P/I:P/A:P

CWE-415 Double Free

The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.

https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin

Patch

Third Party Advisory

https://source.android.com/security/bulletin/pixel/2018-09-01#qualcomm-components

Patch

Vendor Advisory

https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=83a44ca6057bf9c1e36515cded28edc32a4a1501

Patch

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2018-11276

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-11276

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-11276

EUVD