7.1

CVE-2018-11278

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Venus HW searches for start code when decoding input bit stream buffers. If start code is not found in entire buffer, there is over-fetch beyond allocation length. This leads to page fault.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
GoogleAndroid Version-
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.17% 0.068
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.1 1.8 5.2
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
nvd@nist.gov 6.6 3.9 9.2
AV:L/AC:L/Au:N/C:C/I:N/A:C
CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin
Patch
Third Party Advisory
https://source.codeaurora.org/quic/la/platform/hardware/qcom/media/commit/?id=6c7dbdb2f067bf844beef2c41d9d67cacc3adfa6
Patch
Third Party Advisory