7.8

CVE-2018-11902

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of length validation check for value received from firmware can lead to OOB access in WLAN HOST.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
GoogleAndroid Version-
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.2% 0.1
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.2 3.9 10
AV:L/AC:L/Au:N/C:C/I:C/A:C
CWE-129 Improper Validation of Array Index

The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.

http://www.securityfocus.com/bid/107770
Third Party Advisory
VDB Entry
https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin
Patch
Third Party Advisory
https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=e6298b787b3510c295dd0c9276194b3578f3cf09
Patch
Third Party Advisory